Don't barf when installing as root

Grmbl...

.gitignore

@@ -1,5 +1,4 @@
-Makefile
-Makefile.in
+Makefile.config
 
 # /
 /aclocal.m4
@@ -12,15 +11,6 @@ Makefile.in
 /NEWS
 /libtool
 
-# /config/
-/config/config.guess
-/config/config.sub
-/config/depcomp
-/config/install-sh
-/config/missing
-/config/mkinstalldirs
-/config/ltmain.sh
-
 /corepkgs/config.nix
 
 # /corepkgs/buildenv/
@@ -41,10 +31,8 @@ Makefile.in
 /doc/manual/*.1
 /doc/manual/*.5
 /doc/manual/*.8
-/doc/manual/images
 /doc/manual/version.txt
-/doc/manual/NEWS.html
-/doc/manual/NEWS.txt
+/doc/manual/release-notes.html
 
 # /scripts/
 /scripts/nix-profile.sh
@@ -95,13 +83,6 @@ Makefile.in
 
 # /src/nix-log2xml/
 /src/nix-log2xml/nix-log2xml
-/src/nix-log2xml/test*.*
-/src/nix-log2xml/*.log
-/src/nix-log2xml/*.xml
-/src/nix-log2xml/*.html
-
-# /src/nix-setuid-helper/
-/src/nix-setuid-helper/nix-setuid-helper
 
 # /src/nix-store/
 /src/nix-store/nix-store
@@ -109,9 +90,11 @@ Makefile.in
 # /src/nix-daemon/
 /src/nix-daemon/nix-daemon
 
+# /src/download-via-ssh/
+/src/download-via-ssh/download-via-ssh
+
 # /tests/
 /tests/test-tmp
-/tests/config.nix
 /tests/common.sh
 /tests/dummy
 /tests/result*
@@ -124,13 +107,13 @@ Makefile.in
 /perl/lib/Nix/Config.pm
 /perl/lib/Nix/Store.cc
 
-.deps
-.libs
+/misc/systemd/nix-daemon.service
+/misc/systemd/nix-daemon.socket
+
 *.a
-*.lo
-*.la
 *.o
 *.so
+*.dep
 *~
 
 # GNU Global

Makefile

@@ -0,0 +1,28 @@
+makefiles = \
+  local.mk \
+  src/boost/format/local.mk \
+  src/libutil/local.mk \
+  src/libstore/local.mk \
+  src/libmain/local.mk \
+  src/libexpr/local.mk \
+  src/nix-hash/local.mk \
+  src/nix-store/local.mk \
+  src/nix-instantiate/local.mk \
+  src/nix-env/local.mk \
+  src/nix-daemon/local.mk \
+  src/download-via-ssh/local.mk \
+  src/nix-log2xml/local.mk \
+  src/bsdiff-4.3/local.mk \
+  perl/local.mk \
+  scripts/local.mk \
+  corepkgs/local.mk \
+  misc/systemd/local.mk \
+  misc/emacs/local.mk \
+  doc/manual/local.mk \
+  tests/local.mk
+
+GLOBAL_CXXFLAGS += -std=c++0x
+
+include Makefile.config
+
+include mk/lib.mk

Makefile.am

@@ -1,44 +0,0 @@
-SUBDIRS = src perl scripts corepkgs doc misc tests
-EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \
-  NEWS version misc/systemd/nix-daemon.service
-
-pkginclude_HEADERS = config.h
-
-include ./substitute.mk
-
-nix.spec: nix.spec.in
-
-install-data-local: init-state
-	$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
-	$(INSTALL) -d $(DESTDIR)$(docdir)
-	$(INSTALL_DATA) README $(DESTDIR)$(docdir)/
-
-if INIT_STATE
-
-# For setuid operation, you can enable the following:
-# INIT_FLAGS = -g @NIX_GROUP@ -o @NIX_USER@
-# GROUP_WRITABLE = -m 775
-
-init-state:
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/db
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/log/nix
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/log/nix/drvs
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/profiles
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/gcroots
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/temproots
-	ln -sfn $(localstatedir)/nix/profiles $(DESTDIR)$(localstatedir)/nix/gcroots/profiles
-	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/userpool
-	-$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(storedir)
-	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/manifests
-	ln -sfn $(localstatedir)/nix/manifests $(DESTDIR)$(localstatedir)/nix/gcroots/manifests
-
-else
-
-init-state:
-
-endif
-
-NEWS:
-	$(MAKE) -C doc/manual NEWS.txt
-	cp $(srcdir)/doc/manual/NEWS.txt NEWS

Makefile.config.in

@@ -0,0 +1,34 @@
+BDW_GC_LIBS = @BDW_GC_LIBS@
+CC = @CC@
+CFLAGS = @CFLAGS@
+CXX = @CXX@
+CXXFLAGS = @CXXFLAGS@
+HAVE_OPENSSL = @HAVE_OPENSSL@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+bash = @bash@
+bindir = @bindir@
+bsddiff_compat_include = @bsddiff_compat_include@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dblatex = @dblatex@
+docbookrng = @docbookrng@
+docbookxsl = @docbookxsl@
+docdir = @docdir@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+perl = @perl@
+perlbindings = @perlbindings@
+perllibdir = @perllibdir@
+pkglibdir = $(libdir)/$(PACKAGE_NAME)
+prefix = @prefix@
+storedir = @storedir@
+sysconfdir = @sysconfdir@
+w3m = @w3m@
+xmllint = @xmllint@
+xsltproc = @xsltproc@

config/install-sh

@@ -0,0 +1,527 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2011-11-20.07; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	# Protect names problematic for 'test' and other utilities.
+	case $dst_arg in
+	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
+	esac
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	[-=\(\)!]*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test X"$d" = X && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:

configure.ac

@@ -1,9 +1,6 @@
-AC_INIT(nix, m4_esyscmd([echo -n $(cat ./version)$VERSION_SUFFIX]))
+AC_INIT(nix, m4_esyscmd([bash -c "echo -n $(cat ./version)$VERSION_SUFFIX"]))
 AC_CONFIG_SRCDIR(README)
 AC_CONFIG_AUX_DIR(config)
-AM_INIT_AUTOMAKE([dist-bzip2 foreign])
-
-AC_DEFINE_UNQUOTED(NIX_VERSION, ["$VERSION"], [Nix version.])
 
 AC_PROG_SED
 
@@ -50,17 +47,6 @@ AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier (`cpu-os')])
 test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
 
 
-# Windows-specific stuff.  On Cygwin, dynamically linking against the
-# ATerm DLL works, except that it requires the ATerm "lib" directory
-# to be in $PATH, as Windows doesn't have anything like an RPATH
-# embedded in executable.  Since this is kind of annoying, we use
-# static libraries for now.
-if test "$sys_name" = "cygwin"; then
-    AC_DISABLE_SHARED
-    AC_ENABLE_STATIC
-fi
-
-
 # Solaris-specific stuff.
 if test "$sys_name" = sunos; then
     # Solaris requires -lsocket -lnsl for network functions
@@ -68,24 +54,11 @@ if test "$sys_name" = sunos; then
 fi
 
 
+CFLAGS=${CFLAGS:--g -O3 -Wall}
+CXXFLAGS=${CXXFLAGS:--g -O3 -Wall}
 AC_PROG_CC
 AC_PROG_CXX
 
-# To build programs to be run in the build machine.
-if test "$CC_FOR_BUILD" = ""; then
-    if test "$cross_compiling" = "yes"; then
-        AC_CHECK_PROGS(CC_FOR_BUILD, gcc cc)
-    else
-        CC_FOR_BUILD="$CC"
-    fi
-fi
-AC_SUBST([CC_FOR_BUILD])
-
-# We are going to use libtool.
-AC_DISABLE_STATIC
-AC_ENABLE_SHARED
-AC_PROG_LIBTOOL
-
 
 # Use 64-bit file system calls so that we can support files > 2 GiB.
 AC_SYS_LARGEFILE
@@ -106,6 +79,7 @@ AC_LANG_POP(C++)
 # Check for chroot support (requires chroot() and bind mounts).
 AC_CHECK_FUNCS([chroot])
 AC_CHECK_FUNCS([unshare])
+AC_CHECK_FUNCS([statvfs])
 AC_CHECK_HEADERS([sched.h])
 AC_CHECK_HEADERS([sys/param.h])
 AC_CHECK_HEADERS([sys/mount.h], [], [],
@@ -124,6 +98,10 @@ AC_CHECK_HEADERS([sys/mount.h], [], [],
 AC_CHECK_FUNCS([lutimes])
 
 
+# Check for sched_setaffinity.
+AC_CHECK_FUNCS([sched_setaffinity])
+
+
 # Check whether the store optimiser can optimise symlinks.
 AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
 ln -s bla tmp_link
@@ -182,10 +160,10 @@ NEED_PROG(perl, perl)
 NEED_PROG(sed, sed)
 NEED_PROG(tar, tar)
 NEED_PROG(bzip2, bzip2)
+NEED_PROG(gzip, gzip)
 NEED_PROG(xz, xz)
 AC_PATH_PROG(dot, dot)
 AC_PATH_PROG(dblatex, dblatex)
-AC_PATH_PROG(gzip, gzip)
 AC_PATH_PROG(pv, pv, pv)
 
 
@@ -202,7 +180,7 @@ AC_MSG_RESULT(yes)
 AC_MSG_CHECKING([for the Perl installation prefix])
 perlversion=$($perl -e 'use Config; print $Config{version};')
 perlarchname=$($perl -e 'use Config; print $Config{archname};')
-AC_SUBST(perllibdir, [$\(libdir\)/perl5/site_perl/$perlversion/$perlarchname])
+AC_SUBST(perllibdir, [${libdir}/perl5/site_perl/$perlversion/$perlarchname])
 AC_MSG_RESULT($perllibdir)
 
 
@@ -225,12 +203,6 @@ AC_ARG_WITH(docbook-xsl, AC_HELP_STRING([--with-docbook-xsl=PATH],
 AC_SUBST(docbookxsl)
 
 
-AC_ARG_WITH(xml-flags, AC_HELP_STRING([--with-xml-flags=FLAGS],
-  [extra flags to be passed to xmllint and xsltproc]),
-  xmlflags=$withval, xmlflags=)
-AC_SUBST(xmlflags)
-
-
 AC_ARG_WITH(store-dir, AC_HELP_STRING([--with-store-dir=PATH],
   [path of the Nix store (defaults to /nix/store)]),
   storedir=$withval, storedir='/nix/store')
@@ -238,15 +210,15 @@ AC_SUBST(storedir)
 
 
 # Look for OpenSSL, an optional dependency.
-AC_PATH_PROG(openssl_prog, openssl, openssl) # if not found, call openssl in $PATH
-AC_SUBST(openssl_prog)
-AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl_prog"], [Path of the OpenSSL binary])
+AC_PATH_PROG(openssl, openssl, openssl) # if not found, call openssl in $PATH
+AC_SUBST(openssl)
+AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl"], [Path of the OpenSSL binary])
 
 PKG_CHECK_MODULES([OPENSSL], [libcrypto],
   [AC_DEFINE([HAVE_OPENSSL], [1], [Whether to use OpenSSL.])
    CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"
-   have_openssl=1], [true])
-AM_CONDITIONAL(HAVE_OPENSSL, test "$have_openssl" = 1)
+   have_openssl=1], [have_openssl=])
+AC_SUBST(HAVE_OPENSSL, [$have_openssl])
 
 
 # Look for libbz2, a required dependency.
@@ -312,7 +284,6 @@ if test "$enable_shared" = no; then
    # Perl bindings require shared libraries.
    perlbindings=no
 fi
-AM_CONDITIONAL(PERL_BINDINGS, test "$perlbindings" = "yes")
 AC_SUBST(perlbindings)
 AC_MSG_RESULT($perlbindings)
 
@@ -320,7 +291,7 @@ AC_MSG_RESULT($perlbindings)
 AC_ARG_ENABLE(init-state, AC_HELP_STRING([--disable-init-state],
   [do not initialise DB etc. in `make install']),
   init_state=$enableval, init_state=yes)
-AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
+#AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
 
 
 # Setuid installations.
@@ -354,30 +325,15 @@ fi
 AC_SUBST(tarFlags)
 
 
-AM_CONFIG_HEADER([config.h])
-AC_CONFIG_FILES([Makefile
-   src/Makefile
-   src/boost/Makefile
-   src/boost/format/Makefile
-   src/libutil/Makefile
-   src/libstore/Makefile
-   src/libmain/Makefile
-   src/nix-store/Makefile
-   src/nix-hash/Makefile
-   src/libexpr/Makefile
-   src/nix-instantiate/Makefile
-   src/nix-env/Makefile
-   src/nix-daemon/Makefile
-   src/nix-setuid-helper/Makefile
-   src/nix-log2xml/Makefile
-   src/bsdiff-4.3/Makefile
-   perl/Makefile
-   scripts/Makefile
-   corepkgs/Makefile
-   doc/Makefile
-   doc/manual/Makefile
-   misc/Makefile
-   misc/emacs/Makefile
-   tests/Makefile
-  ])
+# Expand all variables in config.status.
+test "$prefix" = NONE && prefix=$ac_default_prefix
+test "$exec_prefix" = NONE && exec_prefix='${prefix}'
+for name in $ac_subst_vars; do
+    declare $name="$(eval echo "${!name}")"
+    declare $name="$(eval echo "${!name}")"
+    declare $name="$(eval echo "${!name}")"
+done
+
+AC_CONFIG_HEADER([config.h])
+AC_CONFIG_FILES([])
 AC_OUTPUT

corepkgs/Makefile.am

@@ -1,12 +0,0 @@
-all-local: config.nix
-
-files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix derivation.nix fetchurl.nix \
-	imported-drv-to-derivation.nix
-
-install-exec-local:
-	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
-	$(INSTALL_DATA) config.nix $(files) $(DESTDIR)$(datadir)/nix/corepkgs
-
-include ../substitute.mk
-
-EXTRA_DIST = config.nix.in $(files)

corepkgs/buildenv.pl

@@ -36,9 +36,6 @@ sub createLinks {
         if ($srcFile =~ /\/propagated-build-inputs$/ ||
             $srcFile =~ /\/nix-support$/ ||
             $srcFile =~ /\/perllocal.pod$/ ||
-            $srcFile =~ /\/easy-install.pth$/ ||
-            $srcFile =~ /\/site.py$/ ||
-            $srcFile =~ /\/site.pyc$/ ||
             $srcFile =~ /\/info\/dir$/ ||
             $srcFile =~ /\/log$/)
         {
@@ -56,7 +53,7 @@ sub createLinks {
             elsif (-l _) {
                 my $target = readlink $dstFile or die;
                 if (!-d $target) {
-                    die "collission between directory `$srcFile' and non-directory `$target'";
+                    die "collision between directory `$srcFile' and non-directory `$target'";
                 }
                 unlink $dstFile or die "error unlinking `$dstFile': $!";
                 mkdir $dstFile, 0755 ||
@@ -78,7 +75,7 @@ sub createLinks {
             if (-l $dstFile) {
                 my $target = readlink $dstFile;
                 my $prevPriority = $priorities{$dstFile};
-                die ( "collission between `$srcFile' and `$target'; "
+                die ( "collision between `$srcFile' and `$target'; "
                     . "use `nix-env --set-flag "
                     . "priority NUMBER PKGNAME' to change the priority of "
                     . "one of the conflicting packages\n" )

corepkgs/config.nix.in

@@ -4,9 +4,10 @@ let
     if val != "" then val else def;
 in {
   perl = "@perl@";
-  shell = "@shell@";
+  shell = "@bash@";
   coreutils = "@coreutils@";
   bzip2 = "@bzip2@";
+  gzip = "@gzip@";
   xz = "@xz@";
   tar = "@tar@";
   tarFlags = "@tarFlags@";

corepkgs/local.mk

@@ -0,0 +1,5 @@
+corepkgs_FILES = nar.nix buildenv.nix buildenv.pl unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix
+
+$(foreach file,config.nix $(corepkgs_FILES),$(eval $(call install-data-in,$(d)/$(file),$(datadir)/nix/corepkgs)))
+
+template-files += $(d)/config.nix

corepkgs/nar.nix

@@ -6,25 +6,28 @@ let
     ''
       export PATH=${nixBinDir}:${coreutils}
 
-      if [ $compressionType = "xz" ]; then
-        ext=xz
-        compressor="${xz} -9"
+      if [ $compressionType = xz ]; then
+        ext=.xz
+        compressor="| ${xz} -7"
+      elif [ $compressionType = bzip2 ]; then
+        ext=.bz2
+        compressor="| ${bzip2}"
       else
-        ext=bz2
-        compressor="${bzip2}"
+        ext=
+        compressor=
       fi
 
       echo "packing ‘$storePath’..."
       mkdir $out
-      dst=$out/tmp.nar.$ext
+      dst=$out/tmp.nar$ext
 
       set -o pipefail
-      nix-store --dump "$storePath" | $compressor > $dst
+      eval "nix-store --dump \"$storePath\" $compressor > $dst"
 
       hash=$(nix-hash --flat --type $hashAlgo --base32 $dst)
       echo -n $hash > $out/nar-compressed-hash
 
-      mv $dst $out/$hash.nar.$ext
+      mv $dst $out/$hash.nar$ext
     '';
 
 in
@@ -40,4 +43,7 @@ derivation {
 
   # Don't build in a chroot because Nix's dependencies may not be there.
   __noChroot = true;
+
+  # Remote machines may not have ${nixBinDir} or ${coreutils} in the same prefixes
+  preferLocalBuild = true;
 }

corepkgs/unpack-channel.nix

@@ -6,9 +6,12 @@ let
     ''
       mkdir $out
       cd $out
-      pat="\.xz\$"
-      if [[ "$src" =~ $pat ]]; then
+      xzpat="\.xz\$"
+      gzpat="\.gz\$"
+      if [[ "$src" =~ $xzpat ]]; then
         ${xz} -d < $src | ${tar} xf - ${tarFlags}
+      elif [[ "$src" =~ $gzpat ]]; then
+        ${gzip} -d < $src | ${tar} xf - ${tarFlags}
       else
         ${bzip2} -d < $src | ${tar} xf - ${tarFlags}
       fi

dev-shell

@@ -0,0 +1,17 @@
+#! /bin/sh
+if [ -e tests/test-tmp ]; then
+    chmod -R u+w tests/test-tmp
+    rm -rf tests/test-tmp
+fi
+
+s=$(type -p nix-shell)
+exec $s release.nix -A tarball --command "
+    export NIX_REMOTE=daemon
+    export NIX_PATH='$NIX_PATH'
+    export NIX_BUILD_SHELL=$(type -p bash)
+    export c=\$configureFlags
+    exec $s release.nix -A build.x86_64-linux --exclude tarball --command '
+        configureFlags+=\" \$c --prefix=$(pwd)/inst --sysconfdir=$(pwd)/inst/etc\"
+        return
+    '" \
+    "$@"

doc/Makefile.am

@@ -1 +0,0 @@
-SUBDIRS = manual

doc/dev/release-procedures.txt

@@ -1,33 +0,0 @@
-To produce a `stable' release from the trunk:
-
--1. Update the release notes; make sure that the release date is
-    correct.
-
-0. Make sure that the trunk builds in the release supervisor.
-
-1. Branch the trunk, e.g., `svn cp .../trunk
-   .../branches/0.5-release'.
-
-2. Switch to the branch, e.g., `svn switch .../branches/0.5-release'.
-
-3. In `configure.ac', change `STABLE=0' into `STABLE=1' and commit.
-
-4. In the release supervisor, add a one-time job to build
-   `.../branches/0.5-release'.
-
-5. Make sure that the release succeeds.
-
-6. Move the branch to a tag, e.g., `svn mv .../branches/0.5-release
-   .../tags/0.5'.
-
-   Note that the branch should not be used for maintenance; it should
-   be deleted after the release has been created.  A maintenance
-   branch (e.g., `.../branches/0.5') should be created from the
-   original revision of the trunk (since maintenance releases should
-   also be tested first; hence, we cannot have `STABLE=1').  The same
-   procedure can then be followed to produce maintenance releases;
-   just substitute `.../branches/VERSION' for the trunk.
-
-7. Switch back to the trunk.
-
-8. Bump the version number in `configure.ac' (in AC_INIT).

doc/manual/Makefile.am

@@ -1,117 +0,0 @@
-XMLLINT = $(xmllint) --nonet $(xmlflags)
-XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
- --param section.autolabel 1 \
- --param section.label.includes.component.label 1 \
- --param html.stylesheet \'style.css\' \
- --param xref.with.number.and.title 1 \
- --param toc.section.depth 3 \
- --param admon.style \'\' \
- --param callout.graphics.extension \'.gif\' \
- --param contrib.inline.enabled 0
-
-dblatex_opts = \
- -P doc.collab.show=0 \
- -P latex.output.revhistory=0
-
-# Note: we use GIF for now, since the PNGs shipped with Docbook aren't
-# transparent.
-
-man1_MANS = nix-env.1 nix-build.1 nix-store.1 nix-instantiate.1 \
- nix-collect-garbage.1 nix-push.1 nix-pull.1 \
- nix-prefetch-url.1 nix-channel.1 \
- nix-install-package.1 nix-hash.1 nix-copy-closure.1
-
-man5_MANS = nix.conf.5
-
-man8_MANS = nix-daemon.8
-
-FIGURES = figures/user-environments.png
-
-MANUAL_SRCS = manual.xml introduction.xml installation.xml \
- package-management.xml writing-nix-expressions.xml builtins.xml \
- build-farm.xml \
- $(man1_MANS:.1=.xml) $(man8_MANS:.8=.xml) \
- troubleshooting.xml bugs.xml opt-common.xml opt-common-syn.xml opt-inst-syn.xml \
- env-common.xml quick-start.xml nix-lang-ref.xml glossary.xml \
- conf-file.xml release-notes.xml \
- style.css images
-
-# Do XInclude processing.
-manual.xmli: $(MANUAL_SRCS) version.txt
-	$(XMLLINT) --xinclude $< -o $@.tmp
-	mv $@.tmp $@
-
-# Note: RelaxNG validation requires xmllint >= 2.7.4.
-manual.is-valid: manual.xmli
-	$(XSLTPROC) --novalid --stringparam profile.condition manual \
-	  $(docbookxsl)/profiling/profile.xsl $< 2> /dev/null | \
-	  $(XMLLINT) --noout --relaxng $(docbookrng)/docbook.rng -
-	touch $@
-
-version.txt:
-	echo -n $(VERSION) > version.txt
-
-man $(MANS): manual.is-valid
-	$(XSLTPROC) --stringparam profile.condition manpage \
-	  $(docbookxsl)/profiling/profile.xsl manual.xmli 2> /dev/null | \
-	  $(XSLTPROC) $(docbookxsl)/manpages/docbook.xsl -
-
-manual.html: $(MANUAL_SRCS) manual.is-valid images
-	$(XSLTPROC) --xinclude --stringparam profile.condition manual \
-	  $(docbookxsl)/profiling/profile.xsl manual.xml | \
-	  $(XSLTPROC) --output manual.html $(docbookxsl)/html/docbook.xsl -
-
-manual.pdf: $(MANUAL_SRCS) manual.is-valid images
-	if test "$(dblatex)" != ""; then \
-		$(XSLTPROC) --xinclude --stringparam profile.condition manual \
-		  $(docbookxsl)/profiling/profile.xsl manual.xml | \
-		  $(dblatex) -o manual.pdf $(dblatex_opts) -; \
-	else \
-		echo "Please install dblatex and rerun configure."; \
-		exit 1; \
-	fi
-
-
-NEWS_OPTS = \
- --stringparam generate.toc "article nop" \
- --stringparam section.autolabel.max.depth 0 \
- --stringparam header.rule 0
-
-NEWS.html: release-notes.xml
-	$(XSLTPROC) --xinclude --output $@ $(NEWS_OPTS) \
-	  $(docbookxsl)/html/docbook.xsl release-notes.xml
-
-NEWS.txt: release-notes.xml
-	$(XSLTPROC) --xinclude quote-literals.xsl release-notes.xml | \
-	  $(XSLTPROC) --output $@.tmp.html $(NEWS_OPTS) \
-	  $(docbookxsl)/html/docbook.xsl -
-	LANG=en_US $(w3m) -dump $@.tmp.html > $@
-	rm $@.tmp.html
-
-
-all-local: manual.html NEWS.html NEWS.txt
-
-install-data-local: manual.html
-	$(INSTALL) -d $(DESTDIR)$(docdir)/manual
-	$(INSTALL_DATA) manual.html $(DESTDIR)$(docdir)/manual
-	ln -sf manual.html $(DESTDIR)$(docdir)/manual/index.html
-	$(INSTALL_DATA) style.css $(DESTDIR)$(docdir)/manual
-	cp -r images $(DESTDIR)$(docdir)/manual/images
-	$(INSTALL) -d $(DESTDIR)$(docdir)/manual/figures
-	$(INSTALL_DATA) $(FIGURES) $(DESTDIR)$(docdir)/manual/figures
-	$(INSTALL) -d $(DESTDIR)$(docdir)/release-notes
-	$(INSTALL_DATA) NEWS.html $(DESTDIR)$(docdir)/release-notes/index.html
-	$(INSTALL_DATA) style.css $(DESTDIR)$(docdir)/release-notes/
-
-images:
-	mkdir images
-#	cp $(docbookxsl)/images/*.gif images
-	mkdir images/callouts
-	cp $(docbookxsl)/images/callouts/*.gif images/callouts
-	chmod -R +w images
-
-KEEP = manual.html manual.xmli manual.is-valid version.txt $(MANS) NEWS.html NEWS.txt
-
-EXTRA_DIST = $(MANUAL_SRCS) $(FIGURES) $(KEEP)
-
-DISTCLEANFILES = $(KEEP)

doc/manual/builtins.xml

@@ -12,9 +12,9 @@ such as <function>derivation</function>, are always in scope of every
 Nix expression; you can just access them right away.  But to prevent
 polluting the namespace too much, most built-ins are not in scope.
 Instead, you can access them through the <varname>builtins</varname>
-built-in value, which is an attribute set that contains all built-in
-functions and values.  For instance, <function>derivation</function>
-is also available as <function>builtins.derivation</function>.</para>
+built-in value, which is a set that contains all built-in functions
+and values.  For instance, <function>derivation</function> is also
+available as <function>builtins.derivation</function>.</para>
 
 
 <variablelist>
@@ -39,17 +39,17 @@ is also available as <function>builtins.derivation</function>.</para>
 
 
   <varlistentry><term><function>builtins.attrNames</function>
-  <replaceable>attrs</replaceable></term>
+  <replaceable>set</replaceable></term>
 
-    <listitem><para>Return the names of the attributes in the
-    attribute set <replaceable>attrs</replaceable> in a sorted list.
-    For instance, <literal>builtins.attrNames { y = 1; x = "foo";
-    }</literal> evaluates to <literal>[ "x" "y" ]</literal>.  There is
-    no built-in function <function>attrValues</function>, but you can
-    easily define it yourself:
+    <listitem><para>Return the names of the attributes in the set
+    <replaceable>set</replaceable> in a sorted list.  For instance,
+    <literal>builtins.attrNames { y = 1; x = "foo"; }</literal>
+    evaluates to <literal>[ "x" "y" ]</literal>.  There is no built-in
+    function <function>attrValues</function>, but you can easily
+    define it yourself:
 
 <programlisting>
-attrValues = attrs: map (name: builtins.getAttr name attrs) (builtins.attrNames attrs);</programlisting>
+attrValues = set: map (name: builtins.getAttr name set) (builtins.attrNames set);</programlisting>
 
     </para></listitem>
 
@@ -68,8 +68,8 @@ attrValues = attrs: map (name: builtins.getAttr name attrs) (builtins.attrNames
 
   <varlistentry><term><varname>builtins</varname></term>
 
-    <listitem><para>The attribute set <varname>builtins</varname>
-    contains all the built-in functions and values.  You can use
+    <listitem><para>The set <varname>builtins</varname> contains all
+    the built-in functions and values.  You can use
     <varname>builtins</varname> to test for the availability of
     features in the Nix installation, e.g.,
 
@@ -258,11 +258,11 @@ stdenv.mkDerivation {
 
 
   <varlistentry><term><function>builtins.getAttr</function>
-  <replaceable>s</replaceable> <replaceable>attrs</replaceable></term>
+  <replaceable>s</replaceable> <replaceable>set</replaceable></term>
 
     <listitem><para><function>getAttr</function> returns the attribute
-    named <replaceable>s</replaceable> from the attribute set
-    <replaceable>attrs</replaceable>.  Evaluation aborts if the
+    named <replaceable>s</replaceable> from
+    <replaceable>set</replaceable>.  Evaluation aborts if the
     attribute doesn’t exist.  This is a dynamic version of the
     <literal>.</literal> operator, since <replaceable>s</replaceable>
     is an expression rather than an identifier.</para></listitem>
@@ -289,15 +289,15 @@ stdenv.mkDerivation {
 
 
   <varlistentry><term><function>builtins.hasAttr</function>
-  <replaceable>s</replaceable> <replaceable>attrs</replaceable></term>
+  <replaceable>s</replaceable> <replaceable>set</replaceable></term>
 
     <listitem><para><function>hasAttr</function> returns
-    <literal>true</literal> if the attribute set
-    <replaceable>attrs</replaceable> has an attribute named
-    <replaceable>s</replaceable>, and <literal>false</literal>
-    otherwise.  This is a dynamic version of the <literal>?</literal>
-    operator, since <replaceable>s</replaceable> is an expression
-    rather than an identifier.</para></listitem>
+    <literal>true</literal> if <replaceable>set</replaceable> has an
+    attribute named <replaceable>s</replaceable>, and
+    <literal>false</literal> otherwise.  This is a dynamic version of
+    the <literal>?</literal>  operator, since
+    <replaceable>s</replaceable> is an expression rather than an
+    identifier.</para></listitem>
 
   </varlistentry>
 
@@ -331,12 +331,12 @@ stdenv.mkDerivation {
     <listitem><para>Load, parse and return the Nix expression in the
     file <replaceable>path</replaceable>.  If <replaceable>path
     </replaceable> is a directory, the file <filename>default.nix
-    </filename> in that directory is loaded.  Evaluation aborts if
-    the file doesn’t exist or contains an incorrect Nix
-    expression.  <function>import</function> implements Nix’s module
-    system: you can put any Nix expression (such as an attribute set
-    or a function) in a separate file, and use it from Nix expressions
-    in other files.</para>
+    </filename> in that directory is loaded.  Evaluation aborts if the
+    file doesn’t exist or contains an incorrect Nix expression.
+    <function>import</function> implements Nix’s module system: you
+    can put any Nix expression (such as a set or a function) in a
+    separate file, and use it from Nix expressions in other
+    files.</para>
 
     <para>A Nix expression loaded by <function>import</function> must
     not contain any <emphasis>free variables</emphasis> (identifiers
@@ -383,9 +383,9 @@ x: x + 456</programlisting>
   <varlistentry><term><function>builtins.intersectAttrs</function>
   <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
 
-    <listitem><para>Return an attribute set consisting of the
-    attributes in the set <replaceable>e2</replaceable> that also
-    exist in the set <replaceable>e1</replaceable>.</para></listitem>
+    <listitem><para>Return a set consisting of the attributes in the
+    set <replaceable>e2</replaceable> that also exist in the set
+    <replaceable>e1</replaceable>.</para></listitem>
 
   </varlistentry>
 
@@ -394,7 +394,7 @@ x: x + 456</programlisting>
   <replaceable>e</replaceable></term>
 
     <listitem><para>Return <literal>true</literal> if
-    <replaceable>e</replaceable> evaluates to an attribute set, and
+    <replaceable>e</replaceable> evaluates to a set, and
     <literal>false</literal> otherwise.</para></listitem>
 
   </varlistentry>
@@ -434,7 +434,7 @@ x: x + 456</programlisting>
   <replaceable>e</replaceable></term>
 
     <listitem><para>Return <literal>true</literal> if
-    <replaceable>e</replaceable> evaluates to a int, and
+    <replaceable>e</replaceable> evaluates to an int, and
     <literal>false</literal> otherwise.</para></listitem>
 
   </varlistentry>
@@ -490,9 +490,9 @@ x: x + 456</programlisting>
   <varlistentry><term><function>builtins.listToAttrs</function>
   <replaceable>e</replaceable></term>
 
-    <listitem><para>Construct an attribute set from a list specifying
-    the names and values of each attribute.  Each element of the list
-    should be an attribute set consisting of a string-valued attribute
+    <listitem><para>Construct a set from a list specifying the names
+    and values of each attribute.  Each element of the list should be
+    a set consisting of a string-valued attribute
     <varname>name</varname> specifying the name of the attribute, and
     an attribute <varname>value</varname> specifying its value.
     Example:
@@ -547,7 +547,7 @@ map (x: "foo" + x) [ "bar" "bla" "abc" ]</programlisting>
     a package name and version.  The package name is everything up to
     but not including the first dash followed by a digit, and the
     version is everything following that dash.  The result is returned
-    in an attribute set <literal>{ name, version }</literal>.  Thus,
+    in a set <literal>{ name, version }</literal>.  Thus,
     <literal>builtins.parseDrvName "nix-0.12pre12876"</literal>
     returns <literal>{ name = "nix"; version = "0.12pre12876";
     }</literal>.</para></listitem>
@@ -598,12 +598,12 @@ in config.someSetting</programlisting>
 
 
   <varlistentry><term><function>removeAttrs</function>
-  <replaceable>attrs</replaceable> <replaceable>list</replaceable></term>
+  <replaceable>set</replaceable> <replaceable>list</replaceable></term>
 
     <listitem><para>Remove the attributes listed in
-    <replaceable>list</replaceable> from the attribute set
-    <replaceable>attrs</replaceable>.  The attributes don’t have to
-    exist in <replaceable>attrs</replaceable>. For instance,
+    <replaceable>list</replaceable> from
+    <replaceable>set</replaceable>.  The attributes don’t have to
+    exist in <replaceable>set</replaceable>. For instance,
 
 <screen>
 removeAttrs { x = 1; y = 2; z = 3; } [ "a" "x" "z" ]</screen>
@@ -750,6 +750,18 @@ in foo</programlisting>
   </varlistentry>
 
 
+  <varlistentry><term><function>builtins.toJSON</function> <replaceable>e</replaceable></term>
+
+    <listitem><para>Return a string containing a JSON representation
+    of <replaceable>e</replaceable>.  Strings, integers, booleans,
+    nulls and lists are mapped to their JSON equivalents.  Sets
+    (except derivations) are represented as objects.  Derivations are
+    translated to a JSON string containing the derivation’s output
+    path.  Paths are copied to the store and represented as a JSON
+    string of the resulting store path.</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><function>builtins.toPath</function> <replaceable>s</replaceable></term>
 
     <listitem><para>Convert the string value
@@ -792,7 +804,7 @@ in foo</programlisting>
     servlet container</link>.  A servlet container contains a number
     of servlets (<filename>*.war</filename> files) each exported under
     a specific URI prefix.  So the servlet configuration is a list of
-    attribute sets containing the <varname>path</varname> and
+    sets containing the <varname>path</varname> and
     <varname>war</varname> of the servlet (<xref
     linkend='ex-toxml-co-servlets' />).  This kind of information is
     difficult to communicate with the normal method of passing
@@ -901,6 +913,19 @@ stdenv.mkDerivation (rec {
   </varlistentry>
 
 
+  <varlistentry><term><function>builtins.typeOf</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return a string representing the type of the value
+    <replaceable>e</replaceable>, namely <literal>"int"</literal>,
+    <literal>"bool"</literal>, <literal>"string"</literal>,
+    <literal>"path"</literal>, <literal>"null"</literal>,
+    <literal>"set"</literal>, <literal>"list"</literal> or
+    <literal>"lambda"</literal>.</para></listitem>
+
+  </varlistentry>
+
+
 </variablelist>
 
 

doc/manual/conf-file.xml

@@ -101,8 +101,8 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
     <listitem><para>This option defines the maximum number of jobs
     that Nix will try to build in parallel.  The default is
     <literal>1</literal>.  You should generally set it to the number
-    of CPUs in your system (e.g., <literal>2</literal> on a Athlon 64
-    X2).  It can be overriden using the <option
+    of CPUs in your system (e.g., <literal>2</literal> on an Athlon 64
+    X2).  It can be overridden using the <option
     linkend='opt-max-jobs'>--max-jobs</option> (<option>-j</option>)
     command line switch.</para></listitem>
 
@@ -119,7 +119,7 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
     <varname>enableParallelBuilding</varname> is set to
     <literal>true</literal>, the builder passes the
     <option>-j<replaceable>N</replaceable></option> flag to GNU Make.
-    It can be overriden using the <option
+    It can be overridden using the <option
     linkend='opt-cores'>--cores</option> command line switch and
     defaults to <literal>1</literal>.  The value <literal>0</literal>
     means that the builder should use all available CPU cores in the
@@ -134,10 +134,10 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
 
       <para>This option defines the maximum number of seconds that a
       builder can go without producing any data on standard output or
-      standard error.  This is useful (for instance in a automated
+      standard error.  This is useful (for instance in an automated
       build system) to catch builds that are stuck in an infinite
       loop, or to catch remote builds that are hanging due to network
-      problems.  It can be overriden using the <option
+      problems.  It can be overridden using the <option
       linkend="opt-max-silent-time">--max-silent-time</option> command
       line switch.</para>
 
@@ -148,15 +148,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
 
   </varlistentry>
 
+
   <varlistentry xml:id="conf-build-timeout"><term><literal>build-timeout</literal></term>
 
     <listitem>
 
       <para>This option defines the maximum number of seconds that a
-      builder can run.  This is useful (for instance in a automated
+      builder can run.  This is useful (for instance in an automated
       build system) to catch builds that are stuck in an infinite loop
       but keep writing to their standard output or standard error.  It
-      can be overriden using the <option
+      can be overridden using the <option
       linkend="opt-timeout">--timeout</option> command line
       switch.</para>
 
@@ -168,6 +169,20 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry xml:id="conf-build-max-log-size"><term><literal>build-max-log-size</literal></term>
+
+    <listitem>
+
+      <para>This option defines the maximum number of bytes that a
+      builder can write to its stdout/stderr.  If the builder exceeds
+      this limit, it’s killed.  A value of <literal>0</literal> (the
+      default) means that there is no limit.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+
   <varlistentry xml:id="conf-build-users-group"><term><literal>build-users-group</literal></term>
 
     <listitem><para>This options specifies the Unix group containing
@@ -325,7 +340,7 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
 
     <listitem><para>A list of URLs of binary caches, separated by
     whitespace.  The default is
-    <literal>http://nixos.org/binary-cache</literal>.</para></listitem>
+    <literal>http://cache.nixos.org</literal>.</para></listitem>
 
   </varlistentry>
 
@@ -350,13 +365,25 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
     whitespace.  These are not used by default, but can be enabled by
     users of the Nix daemon by specifying <literal>--option
     binary-caches <replaceable>urls</replaceable></literal> on the
-    command line.  Daemon users are only allowed to pass a subset of
-    the URLs listed in <literal>binary-caches</literal> and
+    command line.  Unprivileged users are only allowed to pass a
+    subset of the URLs listed in <literal>binary-caches</literal> and
     <literal>trusted-binary-caches</literal>.</para></listitem>
 
   </varlistentry>
 
 
+  <varlistentry><term><literal>extra-binary-caches</literal></term>
+
+    <listitem><para>Additional binary caches appended to those
+    specified in <option>binary-caches</option> and
+    <option>binary-caches-files</option>.  When used by unprivileged
+    users, untrusted binary caches (i.e. those not listed in
+    <option>trusted-binary-caches</option>) are silently
+    ignored.</para></listitem>
+
+  </varlistentry>
+
+
   <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
 
     <listitem><para>The maximum number of parallel HTTP connections
@@ -413,12 +440,27 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
 
   <varlistentry><term><literal>auto-optimise-store</literal></term>
 
-    <listitem><para>If set to <literal>true</literal> (the default),
-    Nix automatically detects files in the store that have identical
+    <listitem><para>If set to <literal>true</literal>, Nix
+    automatically detects files in the store that have identical
     contents, and replaces them with hard links to a single copy.
-    This saves disk space.  If set to <literal>false</literal>, you
-    can still run <command>nix-store --optimise</command> to get rid
-    of duplicate files.</para></listitem>
+    This saves disk space.  If set to <literal>false</literal> (the
+    default), you can still run <command>nix-store
+    --optimise</command> to get rid of duplicate
+    files.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry xml:id="conf-connect-timeout"><term><literal>connect-timeout</literal></term>
+
+    <listitem>
+
+      <para>The timeout (in seconds) for establishing connections in
+      the binary cache substituter.  It corresponds to
+      <command>curl</command>’s <option>--connect-timeout</option>
+      option.</para>
+
+    </listitem>
 
   </varlistentry>
 

doc/manual/env-common.xml

@@ -293,7 +293,7 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 <varlistentry xml:id="envar-other-stores"><term><envar>NIX_OTHER_STORES</envar></term>
 
   <listitem><para>This variable contains the paths of remote Nix
-  installations from whichs paths can be copied, separated by colons.
+  installations from which packages can be copied, separated by colons.
   <phrase condition="manual">See <xref linkend="sec-sharing-packages"
   /> for details.</phrase>  Each path should be the
   <filename>/nix</filename> directory of a remote Nix installation
@@ -312,6 +312,24 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 </varlistentry>
 
 
+<varlistentry><term><envar>NIX_SHOW_STATS</envar></term>
+
+  <listitem><para>If set to <literal>1</literal>, Nix will print some
+  evaluation statistics, such as the number of values
+  allocated.</para></listitem>
+
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_COUNT_CALLS</envar></term>
+
+  <listitem><para>If set to <literal>1</literal>, Nix will print how
+  often functions were called during Nix expression evaluation.  This
+  is useful for profiling your Nix expressions.</para></listitem>
+
+</varlistentry>
+
+
 <varlistentry><term><envar>GC_INITIAL_HEAP_SIZE</envar></term>
 
   <listitem><para>If Nix has been configured to use the Boehm garbage

doc/manual/hacking.xml

@@ -0,0 +1,41 @@
+<appendix xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xml:id="chap-hacking">
+
+<title>Hacking</title>
+
+<para>This section provides some notes on how to hack on Nix.  To get
+the latest version of Nix from GitHub:
+<screen>
+$ git clone git://github.com/NixOS/nix.git
+$ cd nix
+</screen>
+</para>
+
+<para>To build it and its dependencies:
+<screen>
+$ nix-build release.nix -A build.x86_64-linux
+</screen>
+</para>
+
+<para>To build all dependencies and start a shell in which all
+environment variables are set up so that those dependencies can be
+found:
+<screen>
+$ ./dev-shell
+</screen>
+To build Nix itself in this shell:
+<screen>
+[nix-shell]$ ./bootstrap
+[nix-shell]$ configurePhase
+[nix-shell]$ make
+</screen>
+To test it:
+<screen>
+[nix-shell]$ make install
+[nix-shell]$ make installcheck
+</screen>
+
+</para>
+
+</appendix>

doc/manual/installation.xml

@@ -42,20 +42,41 @@ platforms as well.</para>
 
 <section><title>Installing a binary distribution</title>
 
-<para>The easiest way to install Nix is to use a binary package.
+<para>The easiest way to install Nix is to run the following:
+
+<screen>
+$ bash &lt;(curl https://nixos.org/nix/install)
+</screen>
+
+This will perform a single-user installation of Nix, meaning that
+<filename>/nix</filename> is owned by the invoking user.  You should
+run this under your usual user account, <emphasis>not</emphasis> as
+root.  The script will invoke <command>sudo</command> to create
+<filename>/nix</filename> if it doesn’t already exist.  If you don’t
+have <command>sudo</command>, you should manually create
+<command>/nix</command> first as root:
+
+<screen>
+$ mkdir /nix
+$ chown alice /nix
+</screen>
+
+</para>
+
+<para>You can also manually download and install a binary package.
 Binary packages of the latest stable release are available for Fedora,
 Debian, Ubuntu, Mac OS X and various other systems from the <link
 xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>.
 You can also get builds of the latest development release from our
 <link
-xlink:href="http://hydra.nixos.org/view/nix/trunk/latest">continuous
+xlink:href="http://hydra.nixos.org/job/nix/trunk/release/latest-finished#tabs-constituents">continuous
 build system</link>.</para>
 
 <para>For Fedora, RPM packages are available.  These can be installed
 or upgraded using <command>rpm -U</command>.  For example,
 
 <screen>
-$ rpm -U nix-1.0-1.i386.rpm</screen>
+$ rpm -U nix-1.7-1.i386.rpm</screen>
 
 </para>
 
@@ -63,33 +84,22 @@ $ rpm -U nix-1.0-1.i386.rpm</screen>
 install it like this:
 
 <screen>
-$ dpkg -i nix_1.0-1_amd64.deb</screen>
+$ dpkg -i nix_1.7-1_amd64.deb</screen>
 
 </para>
 
 <para>For other platforms, including Mac OS X (Darwin), FreeBSD and
-other Linux distributions, you can download a binary tarball.  It
-contains Nix and all its dependencies.  You should unpack it in the
-root directory, then run <command>nix-finish-install</command>:
+other Linux distributions, you can download a binary tarball that
+contains Nix and all its dependencies.  (This is what the install
+script at <uri>https://nixos.org/nix/install</uri> uses.)  You should
+unpack it somewhere (e.g. in <filename>/tmp</filename>), and then run
+the script named <command>install</command> inside the binary tarball:
 
 <screen>
-$ cd /
-$ tar xfj nix-1.1-x86_64-darwin.tar.bz2
-$ nix-finish-install
-</screen>
-
-After this you can delete
-<filename>/usr/bin/nix-finish-install</filename>.</para>
-
-<para>If you plan to use Nix from a single non-root user account, it’s
-probably convenient to change the ownership of the entire Nix store
-and database to that user account.  In that case, install as follows:
-
-<screen>
-alice$ cd /
-alice$ sudo tar xfj nix-1.1-x86_64-darwin.tar.bz2
-alice$ sudo chown -R alice /nix
-alice$ nix-finish-install
+alice$ cd /tmp
+alice$ tar xfj nix-1.7-x86_64-darwin.tar.bz2
+alice$ cd nix-1.7-x86_64-darwin
+alice$ ./install
 </screen>
 
 </para>
@@ -118,8 +128,7 @@ a source distribution.</para>
 
   <listitem><para>GNU Make.</para></listitem>
 
-  <listitem><para>A fairly recent version of GCC/G++.  Version 2.95
-  and higher should work.  Clang will also work.</para></listitem>
+  <listitem><para>A version of GCC or Clang that supports C++11.</para></listitem>
 
   <listitem><para>Perl 5.8 or higher.</para></listitem>
 
@@ -166,11 +175,10 @@ a source distribution.</para>
 
   <listitem><para>Recent versions of Bison and Flex to build the
   parser.  (This is because Nix needs GLR support in Bison and
-  reentrancy support in Flex.)  For Bison, you need version 2.3 or
-  higher (1.875 does <emphasis>not</emphasis> work), which can be
-  obtained from the <link
+  reentrancy support in Flex.)  For Bison, you need version 2.6, which
+  can be obtained from the <link
   xlink:href="ftp://alpha.gnu.org/pub/gnu/bison">GNU FTP
-  server</link>.  For Flex, you need version 2.5.33, which is
+  server</link>.  For Flex, you need version 2.5.35, which is
   available on <link
   xlink:href="http://lex.sourceforge.net/">SourceForge</link>.
   Slightly older versions may also work, but ancient versions like the
@@ -189,7 +197,7 @@ a source distribution.</para>
 downloaded from the <link
 xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>.
 You can also grab the <link
-xlink:href="http://hydra.nixos.org/view/nix/trunk/latest/tarball/download-by-type/file/source-dist">most
+xlink:href="http://hydra.nixos.org/job/nix/trunk/release/latest-finished#tabs-constituents">most
 recent development release</link>.</para>
 
 <para>Alternatively, the most recent sources of Nix can be obtained
@@ -381,7 +389,7 @@ group should be the build users group, and it should have the sticky
 bit turned on (like <filename>/tmp</filename>):
 
 <screen>
-$ chgrp nixbld /nix/store
+$ chown root.nixbld /nix/store
 $ chmod 1775 /nix/store
 </screen>
 
@@ -402,15 +410,7 @@ build-users-group = nixbld
 </section>
 
 
-<section><title>Nix store/database owned by root</title>
-
-<para>The simplest setup is to let <literal>root</literal> own the Nix
-store and database.  I.e.,
-
-<screen>
-$ chown -R root /nix/store /nix/var/nix</screen>
-
-</para>
+<section><title>Running the daemon</title>
 
 <para>The <link linkend="sec-nix-daemon">Nix daemon</link> should be
 started as follows (as <literal>root</literal>):
@@ -434,72 +434,6 @@ into the users’ login scripts.</para>
 </section>
 
 
-<section><title>Nix store/database not owned by root</title>
-
-<para>It is also possible to let the Nix store and database be owned
-by a non-root user, which should be more secure<footnote><para>Note
-however that even when the Nix daemon runs as root, not
-<emphasis>that</emphasis> much code is executed as root: Nix
-expression evaluation is performed by the calling (unprivileged) user,
-and builds are performed under the special build user accounts.  So
-only the code that accesses the database and starts builds is executed
-as <literal>root</literal>.</para></footnote>.  Typically, this user
-is a special account called <literal>nix</literal>, but it can be
-named anything.  It should own the Nix store and database:
-
-<screen>
-$ chown -R nix /nix/store /nix/var/nix</screen>
-
-and of course <command>nix-daemon</command> should be started under
-that user, e.g.,
-
-<screen>
-$ su - nix -c "exec /nix/bin/nix-daemon"</screen>
-
-</para>
-
-<para>There is a catch, though: non-<literal>root</literal> users
-cannot start builds under the build user accounts, since the
-<function>setuid</function> system call is obviously privileged.  To
-allow a non-<literal>root</literal> Nix daemon to use the build user
-feature, it calls a setuid-root helper program,
-<command>nix-setuid-helper</command>.  This program is installed in
-<filename><replaceable>prefix</replaceable>/libexec/nix-setuid-helper</filename>.
-To set the permissions properly (Nix’s <command>make install</command>
-doesn’t do this, since we don’t want to ship setuid-root programs
-out-of-the-box):
-
-<screen>
-$ chown root.root /nix/libexec/nix-setuid-helper
-$ chmod 4755 /nix/libexec/nix-setuid-helper
-</screen>
-
-(This example assumes that the Nix binaries are installed in
-<filename>/nix</filename>.)</para>
-
-<para>Of course, the <command>nix-setuid-helper</command> command
-should not be usable by just anybody, since then anybody could run
-commands under the Nix build user accounts.  For that reason there is
-a configuration file <filename>/etc/nix-setuid.conf</filename> that
-restricts the use of the helper.  This file should be a text file
-containing precisely two lines, the first being the Nix daemon user
-and the second being the build users group, e.g.,
-
-<programlisting>
-nix
-nixbld
-</programlisting>
-
-The setuid-helper barfs if it is called by a user other than the one
-specified on the first line, or if it is asked to execute a build
-under a user who is not a member of the group specified on the second
-line.  The file <filename>/etc/nix-setuid.conf</filename> must be
-owned by root, and must not be group- or world-writable.  The
-setuid-helper barfs if this is not the case.</para>
-
-</section>
-
-
 <section><title>Restricting access</title>
 
 <para>To limit which users can perform Nix operations, you can use the
@@ -539,7 +473,7 @@ a symbolic link to the current <emphasis>user environment</emphasis>
 installed packages).  The simplest way to set the required environment
 variables is to include the file
 <filename><replaceable>prefix</replaceable>/etc/profile.d/nix.sh</filename>
-in your <filename>~/.bashrc</filename> (or similar), like this:</para>
+in your <filename>~/.profile</filename> (or similar), like this:</para>
 
 <screen>
 source <replaceable>prefix</replaceable>/etc/profile.d/nix.sh</screen>

doc/manual/introduction.xml

@@ -254,33 +254,6 @@ xlink:href="http://nixos.org/">NixOS homepage</link>.</para>
 </section>
 
 
-<section><title>About us</title>
-
-<para>Nix was originally developed at the <link
-xlink:href="http://www.cs.uu.nl/">Department of Information and
-Computing Sciences</link>, Utrecht University by the <link
-xlink:href="http://www.cs.uu.nl/wiki/Trace/WebHome">TraCE
-project</link> (2003-2008).  The project was funded by the Software
-Engineering Research Program <link
-xlink:href="http://www.jacquard.nl/">Jacquard</link> to improve the
-support for variability in software systems.  Further funding was
-provided by the NIRICT LaQuSo Build Farm project.  Development is
-currently supported by <link
-xlink:href="http://www.logicblox.com/">LogicBlox</link>.</para>
-
-</section>
-
-
-<section><title>About this manual</title>
-
-<para>This manual tells you how to install and use Nix and how to
-write Nix expressions for software not already in the Nix Packages
-collection.  It also discusses some advanced topics, such as setting
-up distributed multi-platform building.</para>
-
-</section>
-
-
 <section><title>License</title>
 
 <para>Nix is free software; you can redistribute it and/or modify it
@@ -297,41 +270,4 @@ Lesser General Public License for more details.</para>
 </section>
 
 
-<section><title>More information</title>
-
-<para>Some background information on Nix can be found in a number of
-papers.  The ICSE 2004 paper <citetitle
-xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/immdsd-icse2004-final.pdf'>Imposing
-a Memory Management Discipline on Software Deployment</citetitle>
-discusses the hashing mechanism used to ensure reliable dependency
-identification and non-interference between different versions and
-variants of packages.  The LISA 2004 paper <citetitle
-xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/nspfssd-lisa2004-final.pdf'>Nix:
-A Safe and Policy-Free System for Software Deployment</citetitle>
-gives a more general discussion of Nix from a system-administration
-perspective.  The CBSE 2005 paper <citetitle
-xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/eupfcdm-cbse2005-final.pdf'>Efficient
-Upgrading in a Purely Functional Component Deployment Model
-</citetitle> is about transparent patch deployment in Nix.  The SCM-12
-paper <citetitle
-xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/servicecm-scm12-final.pdf'>
-Service Configuration Management</citetitle> shows how services (e.g.,
-web servers) can be deployed and managed through Nix.  An overview of
-NixOS is given in the JFP article <citetitle
-xlink:href="http://www.st.ewi.tudelft.nl/~dolstra/pubs/nixos-jfp-final.pdf">NixOS:
-A Purely Functional Linux Distribution</citetitle>.  The Nix homepage
-has <link xlink:href="http://nixos.org/docs/papers.html">an up-to-date
-list of Nix-related papers</link>.</para>
-
-<para>Nix is the subject of Eelco Dolstra’s PhD thesis <citetitle
-xlink:href="http://igitur-archive.library.uu.nl/dissertations/2006-0118-200031/index.htm">The
-Purely Functional Software Deployment Model</citetitle>, which
-contains most of the papers listed above.</para>
-
-<para>Nix has a homepage at <link
-xlink:href="http://nixos.org/"/>.</para>
-
-</section>
-
-
 </chapter>

doc/manual/local.mk

@@ -0,0 +1,113 @@
+XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
+  --param section.autolabel 1 \
+  --param section.label.includes.component.label 1 \
+  --param html.stylesheet \'style.css\' \
+  --param xref.with.number.and.title 1 \
+  --param toc.section.depth 3 \
+  --param admon.style \'\' \
+  --param callout.graphics.extension \'.gif\' \
+  --param contrib.inline.enabled 0
+
+MANUAL_SRCS := $(wildcard $(d)/*.xml)
+
+
+# Do XInclude processing / RelaxNG validation
+$(d)/manual.xmli: $(d)/manual.xml $(MANUAL_SRCS) $(d)/version.txt
+	$(trace-gen) $(xmllint) --nonet --xinclude $< -o $@.tmp
+	@mv $@.tmp $@
+
+$(d)/version.txt:
+	$(trace-gen) echo -n $(PACKAGE_VERSION) > $@
+
+# Note: RelaxNG validation requires xmllint >= 2.7.4.
+$(d)/manual.is-valid: $(d)/manual.xmli
+	$(trace-gen) $(XSLTPROC) --novalid --stringparam profile.condition manual \
+	  $(docbookxsl)/profiling/profile.xsl $< 2> /dev/null | \
+	  $(xmllint) --nonet --noout --relaxng $(docbookrng)/docbook.rng -
+	@touch $@
+
+clean-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
+
+dist-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
+
+
+# Generate man pages.
+man-pages := $(foreach n, \
+  nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 \
+  nix-collect-garbage.1 nix-push.1 nix-pull.1 \
+  nix-prefetch-url.1 nix-channel.1 \
+  nix-install-package.1 nix-hash.1 nix-copy-closure.1 \
+  nix.conf.5 nix-daemon.8, \
+  $(d)/$(n))
+
+$(man-pages): $(d)/manual.xmli $(d)/manual.is-valid
+	$(trace-gen) $(XSLTPROC) --stringparam profile.condition manpage \
+	  $(docbookxsl)/profiling/profile.xsl $< 2> /dev/null | \
+	  (cd doc/manual && $(XSLTPROC) $(docbookxsl)/manpages/docbook.xsl -)
+
+clean-files += $(d)/*.1 $(d)/*.5 $(d)/*.8
+
+dist-files += $(man-pages)
+
+
+# Generate the HTML manual.
+$(d)/manual.html: $(d)/manual.xml $(MANUAL_SRCS) $(d)/manual.is-valid
+	$(trace-gen) $(XSLTPROC) --xinclude --stringparam profile.condition manual \
+	  $(docbookxsl)/profiling/profile.xsl $< | \
+	  $(XSLTPROC) --output $@ $(docbookxsl)/html/docbook.xsl -
+
+$(foreach file, $(d)/manual.html $(d)/style.css, $(eval $(call install-data-in, $(file), $(docdir)/manual)))
+
+$(foreach file, $(wildcard $(d)/figures/*.png), $(eval $(call install-data-in, $(file), $(docdir)/manual/figures)))
+
+$(foreach file, $(wildcard $(d)/images/callouts/*.gif), $(eval $(call install-data-in, $(file), $(docdir)/manual/images/callouts)))
+
+$(eval $(call install-symlink, manual.html, $(docdir)/manual/index.html))
+
+all: $(d)/manual.html
+
+clean-files += $(d)/manual.html
+
+dist-files += $(d)/manual.html
+
+
+# Generate the PDF manual.
+$(d)/manual.pdf: $(d)/manual.xml $(MANUAL_SRCS) $(d)/manual.is-valid
+	$(trace-gen) if test "$(dblatex)" != ""; then \
+		cd doc/manual && $(XSLTPROC) --xinclude --stringparam profile.condition manual \
+		  $(docbookxsl)/profiling/profile.xsl manual.xml | \
+		  $(dblatex) -o $(notdir $@) $(dblatex_opts) -; \
+	else \
+		echo "Please install dblatex and rerun configure."; \
+		exit 1; \
+	fi
+
+clean-files += $(d)/manual.pdf
+
+
+# Generate the release notes.
+
+NEWS_OPTS = \
+ --stringparam generate.toc "article nop" \
+ --stringparam section.autolabel.max.depth 0 \
+ --stringparam header.rule 0
+
+$(d)/release-notes.html: $(d)/release-notes.xml
+	$(trace-gen) $(XSLTPROC) --xinclude --output $@ $(NEWS_OPTS) \
+	  $(docbookxsl)/html/docbook.xsl $<
+
+NEWS: $(d)/release-notes.xml
+	$(trace-gen) $(XSLTPROC) --xinclude doc/manual/quote-literals.xsl $< | \
+	  $(XSLTPROC) --output $@.tmp.html $(NEWS_OPTS) \
+	  $(docbookxsl)/html/docbook.xsl - && \
+	LANG=en_US.UTF-8 $(w3m) -dump $@.tmp.html > $@.tmp && \
+	sed -e 's/●/*/g' -e 's/○/-/g' -e 's/━/-/g' < $@.tmp > NEWS && \
+	rm $@.tmp $@.tmp.html
+
+dist-files += NEWS $(d)/release-notes.html
+
+clean-files += NEWS $(d)/release-notes.html
+
+all: $(d)/release-notes.html NEWS
+
+$(foreach file, $(d)/release-notes.html, $(eval $(call install-data-in, $(file), $(docdir)/manual)))

doc/manual/manual.xml

@@ -19,15 +19,15 @@
     </author>
 
     <copyright>
-      <year>2004-2012</year>
+      <year>2004-2013</year>
       <holder>Eelco Dolstra</holder>
     </copyright>
 
-    <date>May 2012</date>
-    
+    <date>July 2013</date>
+
   </info>
 
-  
+
   <xi:include href="introduction.xml" />
   <xi:include href="quick-start.xml" />
   <xi:include href="installation.xml" />
@@ -40,43 +40,45 @@
     <title>Command Reference</title>
     <xi:include href="opt-common.xml" />
     <xi:include href="env-common.xml" />
-    
+
     <section>
       <title>Main commands</title>
       <xi:include href="nix-env.xml" />
-      <xi:include href="nix-instantiate.xml" />
+      <xi:include href="nix-build.xml" />
+      <xi:include href="nix-shell.xml" />
       <xi:include href="nix-store.xml" />
     </section>
-    
+
     <section>
       <title>Utilities</title>
-      <xi:include href="nix-build.xml" />
       <xi:include href="nix-channel.xml" />
       <xi:include href="nix-collect-garbage.xml" />
       <xi:include href="nix-copy-closure.xml" />
+      <xi:include href="nix-daemon.xml" />
       <xi:include href="nix-hash.xml" />
       <xi:include href="nix-install-package.xml" />
+      <xi:include href="nix-instantiate.xml" />
       <xi:include href="nix-prefetch-url.xml" />
       <xi:include href="nix-pull.xml" />
       <xi:include href="nix-push.xml" />
-      <xi:include href="nix-daemon.xml" />
     </section>
 
     <section>
       <title>Files</title>
       <xi:include href="conf-file.xml" />
     </section>
-    
+
   </appendix>
 
   <xi:include href="troubleshooting.xml" />
   <!-- <xi:include href="bugs.xml" /> -->
   <xi:include href="glossary.xml" />
+  <xi:include href="hacking.xml" />
 
   <appendix>
     <title>Nix Release Notes</title>
     <xi:include href="release-notes.xml"
                 xpointer="xmlns(x=http://docbook.org/ns/docbook)xpointer(x:article/x:section)" />
   </appendix>
-    
+
 </book>

doc/manual/nix-build.xml

@@ -38,11 +38,6 @@
       </group>
       <replaceable>outlink</replaceable>
     </arg>
-    <arg>
-      <option>--run-env</option>
-      <arg><option>--command</option> <replaceable>cmd</replaceable></arg>
-      <arg><option>--exclude</option> <replaceable>regexp</replaceable></arg>
-    </arg>
     <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
   </cmdsynopsis>
 </refsynopsisdiv>
@@ -75,13 +70,6 @@ a root of the Nix garbage collector.  This root disappears
 automatically when the <filename>result</filename> symlink is deleted
 or renamed.  So don’t rename the symlink.</para></warning>
 
-<para>The subcommand <command>nix-build --run-env</command> will build
-the dependencies of the derivation, but not the derivation itself.  It
-will then start an interactive shell in which all environment
-variables defined by the derivation have been set to their
-corresponding values.  This is useful for reproducing the environment
-of a derivation for development.</para>
-
 </refsection>
 
 
@@ -134,32 +122,12 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
 </variablelist>
 
+<para>The following common options are supported:</para>
+
 <variablelist condition="manpage">
   <xi:include href="opt-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='opt-common']/*)" />
 </variablelist>
 
-<para>The following options apply to <command>nix-build --run-env</command>.</para>
-
-<variablelist>
-
-  <varlistentry><term><option>--command</option> <replaceable>cmd</replaceable></term>
-
-    <listitem><para>In the environment of the derivation, executeq the
-    command <replaceable>cmd</replaceable> instead of the default
-    interactive shell.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--exclude</option> <replaceable>regexp</replaceable></term>
-
-    <listitem><para>Do not build any dependencies whose store path
-    matches the regular expression <replaceable>regexp</replaceable>.
-    This option may be specified multiple times.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
 </refsection>
 
 
@@ -176,20 +144,6 @@ lrwxrwxrwx  <replaceable>...</replaceable>  result -> /nix/store/d18hyl92g30l...
 $ ls ./result/bin/
 firefox  firefox-config</screen>
 
-<para>To build the dependencies of the package Pan, and start an
-interactive shell in which to build it:
-
-<screen>
-$ nix-build '&lt;nixpkgs>' --run-env -A pan
-$ tar xf $src
-$ cd pan-*
-$ ./configure
-$ make
-$ ./pan/gui/pan
-</screen>
-
-</para>
-
 <para>If a derivation has multiple outputs,
 <command>nix-build</command> will build the default (first) output.
 You can also build all outputs:
@@ -210,6 +164,16 @@ $ nix-build '&lt;nixpkgs>' -A openssl.man
 </screen>
 This will create a symlink <literal>result-man</literal>.</para>
 
+<para>Build a Nix expression given on the command line:
+
+<screen>
+$ nix-build -E 'with import &lt;nixpkgs> { }; runCommand "foo" { } "echo bar > $out"'
+$ cat ./result
+bar
+</screen>
+
+</para>
+
 </refsection>
 
 

doc/manual/nix-collect-garbage.xml

@@ -20,6 +20,7 @@
     <command>nix-collect-garbage</command>
     <arg><option>--delete-old</option></arg>
     <arg><option>-d</option></arg>
+    <arg><option>--delete-older-than</option> <replaceable>period</replaceable></arg>
     <group choice='opt'>
       <arg choice='plain'><option>--print-roots</option></arg>
       <arg choice='plain'><option>--print-live</option></arg>
@@ -35,13 +36,18 @@
 <para>The command <command>nix-collect-garbage</command> is mostly an
 alias of <link linkend="rsec-nix-store-gc"><command>nix-store
 --gc</command></link>, that is, it deletes all unreachable paths in
-the Nix store to clean up your system.  However, it provides an
-additional option <option>-d</option> (<option>--delete-old</option>)
-that deletes all old generations of all profiles in
+the Nix store to clean up your system.  However, it provides two
+additional options: <option>-d</option> (<option>--delete-old</option>),
+which deletes all old generations of all profiles in
 <filename>/nix/var/nix/profiles</filename> by invoking
-<literal>nix-env --delete-generations old</literal> on all profiles.
-Of course, this makes rollbacks to previous configurations
-impossible.</para>
+<literal>nix-env --delete-generations old</literal> on all profiles
+(of course, this makes rollbacks to previous configurations
+impossible); and
+<option>--delete-older-than</option> <replaceable>period</replaceable>,
+where period is a value such as <literal>30d</literal>, which deletes
+all non-current generations that are older than the specified number of
+days in all profiles in <filename>/nix/var/nix/profiles</filename>.
+</para>
 
 </refsection>
 

doc/manual/nix-env.xml

@@ -153,11 +153,10 @@ also <xref linkend="sec-common-options" />.</phrase></para>
     default.</para>
 
     <para>The Nix expressions in this directory are combined into a
-    single attribute set, with each file as an attribute that has the
-    name of the file.  Thus, if <filename>~/.nix-defexpr</filename>
-    contains two files, <filename>foo</filename> and
-    <filename>bar</filename>, then the default Nix expression will
-    essentially be
+    single set, with each file as an attribute that has the name of
+    the file.  Thus, if <filename>~/.nix-defexpr</filename> contains
+    two files, <filename>foo</filename> and <filename>bar</filename>,
+    then the default Nix expression will essentially be
 
 <programlisting>
 {
@@ -209,6 +208,10 @@ also <xref linkend="sec-common-options" />.</phrase></para>
     <arg choice='plain'><option>--preserve-installed</option></arg>
     <arg choice='plain'><option>-P</option></arg>
   </group>
+  <group choice='opt'>
+    <arg choice='plain'><option>--remove-all</option></arg>
+    <arg choice='plain'><option>-r</option></arg>
+  </group>
   <arg choice='plain' rep='repeat'><replaceable>args</replaceable></arg>
 </cmdsynopsis>
 
@@ -272,7 +275,7 @@ number of possible ways:
   linkend="ss-functions">functions</link> that are called with the
   active Nix expression as their single argument.  The derivations
   returned by those function calls are installed.  This allows
-  derivations to be specified in a unambiguous way, which is necessary
+  derivations to be specified in an unambiguous way, which is necessary
   if there are multiple derivations with the same
   name.</para></listitem>
 
@@ -318,6 +321,16 @@ number of possible ways:
 
   </varlistentry>
 
+  <varlistentry><term><option>--remove-all</option></term>
+    <term><option>-r</option></term>
+
+    <listitem><para>Remove all previously installed packages first.
+    This is equivalent to running <literal>nix-env -e '*'</literal>
+    first, except that everything happens in a single
+    transaction.</para></listitem>
+
+  </varlistentry>
+
 </variablelist>
 
 </refsection>
@@ -391,7 +404,7 @@ $ nix-env -f ./foo.nix -i -E \
 I.e., this evaluates to <literal>(f: (f {system =
 "i686-linux";}).subversionWithJava) (import ./foo.nix)</literal>, thus
 selecting the <literal>subversionWithJava</literal> attribute from the
-attribute set returned by calling the function defined in
+set returned by calling the function defined in
 <filename>./foo.nix</filename>.</para>
 
 <para>A dry-run tells you which paths will be downloaded or built from
@@ -692,7 +705,7 @@ firefox-2.0.0.9 <lineannotation>(the current one)</lineannotation>
 $ nix-env --preserve-installed -i firefox-2.0.0.11
 installing `firefox-2.0.0.11'
 building path(s) `/nix/store/myy0y59q3ig70dgq37jqwg1j0rsapzsl-user-environment'
-Collission between `/nix/store/<replaceable>...</replaceable>-firefox-2.0.0.11/bin/firefox'
+collision between `/nix/store/<replaceable>...</replaceable>-firefox-2.0.0.11/bin/firefox'
   and `/nix/store/<replaceable>...</replaceable>-firefox-2.0.0.9/bin/firefox'.
 <lineannotation>(i.e., can’t have two active at the same time)</lineannotation>
 
@@ -771,6 +784,7 @@ $ nix-env --set-flag priority 10 gcc</screen>
   <sbr />
 
   <arg><option>--xml</option></arg>
+  <arg><option>--json</option></arg>
   <arg>
     <group choice='req'>
       <arg choice='plain'><option>--prebuilt-only</option></arg>
@@ -864,6 +878,13 @@ user environment elements, etc. -->
 
   </varlistentry>
 
+  <varlistentry><term><option>--json</option></term>
+
+    <listitem><para>Print the result in a JSON representation suitable
+    for automatic processing by other tools.</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
 
     <listitem><para>Show only derivations for which a substitute is
@@ -1146,10 +1167,12 @@ $ nix-env --list-generations
 <refsection><title>Description</title>
 
 <para>This operation deletes the specified generations of the current
-profile.  The generations can be a list of generation numbers, or the
+profile.  The generations can be a list of generation numbers, the
 special value <literal>old</literal> to delete all non-current
-generations.  Periodically deleting old generations is important to
-make garbage collection effective.</para>
+generations, or a value such as <literal>30d</literal> to delete all
+non-current generations older than the specified number of days.
+Periodically deleting old generations is important to make garbage
+collection effective.</para>
 
 </refsection>
 
@@ -1158,6 +1181,8 @@ make garbage collection effective.</para>
 <screen>
 $ nix-env --delete-generations 3 4 8
 
+$ nix-env --delete-generations 30d
+
 $ nix-env -p other_profile --delete-generations old</screen>
 
 </refsection>
@@ -1244,7 +1269,7 @@ wrapper around <option>--list-generations</option> and
 $ nix-env --rollback
 switching from generation 92 to 91
 
-$ nix-env --rolback
+$ nix-env --rollback
 error: no generation older than the current (91) exists</screen>
 
 </refsection>

doc/manual/nix-instantiate.xml

@@ -2,7 +2,7 @@
           xmlns:xlink="http://www.w3.org/1999/xlink"
           xmlns:xi="http://www.w3.org/2001/XInclude"
           xml:id="sec-nix-instantiate">
-  
+
 <refmeta>
   <refentrytitle>nix-instantiate</refentrytitle>
   <manvolnum>1</manvolnum>
@@ -18,7 +18,15 @@
 <refsynopsisdiv>
   <cmdsynopsis>
     <command>nix-instantiate</command>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
+    <group>
+      <arg choice='plain'><option>--parse</option></arg>
+      <arg choice='plain'>
+        <option>--eval</option>
+        <arg><option>--strict</option></arg>
+        <arg><option>--xml</option></arg>
+      </arg>
+    </group>
+    <arg><option>--read-write-mode</option></arg>
     <arg><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
     <arg>
       <group choice='req'>
@@ -29,17 +37,14 @@
     </arg>
     <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
     <arg><option>--indirect</option></arg>
-    <arg>
-      <group choice='req'>
-        <arg choice='plain'><option>--parse-only</option></arg>
-        <arg choice='plain'>
-          <option>--eval-only</option>
-          <arg><option>--strict</option></arg>
-        </arg>
-        <arg choice='plain'><option>--find-file</option></arg>
-      </group>
-      <arg><option>--xml</option></arg>
-    </arg>
+    <group choice='req'>
+      <arg choice='plain'><option>--expr</option></arg>
+      <arg choice='plain'><option>-E</option></arg>
+    </group>
+    <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
+    <sbr/>
+    <command>nix-instantiate</command>
+    <arg choice='plain'><option>--file-file</option></arg>
     <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
   </cmdsynopsis>
 </refsynopsisdiv>
@@ -49,8 +54,8 @@
 
 <para>The command <command>nix-instantiate</command> generates <link
 linkend="gloss-derivation">store derivations</link> from (high-level)
-Nix expressions.  It loads and evaluates the Nix expressions in each
-of <replaceable>files</replaceable> (which defaults to
+Nix expressions.  It evaluates the Nix expressions in each of
+<replaceable>files</replaceable> (which defaults to
 <replaceable>./default.nix</replaceable>).  Each top-level expression
 should evaluate to a derivation, a list of derivations, or a set of
 derivations.  The paths of the resulting store derivations are printed
@@ -60,12 +65,6 @@ on standard output.</para>
 <literal>-</literal>, then a Nix expression will be read from standard
 input.</para>
 
-<para>Most users and developers don’t need to use this command
-(<command>nix-env</command> and <command>nix-build</command> perform
-store derivation instantiation from Nix expressions automatically).
-It is most commonly used for implementing new deployment
-policies.</para>
-
 <para condition="manual">See also <xref linkend="sec-common-options"
 /> for a list of common options.</para>
 
@@ -85,25 +84,24 @@ policies.</para>
 
   </varlistentry>
 
-    
-  <varlistentry><term><option>--parse-only</option></term>
-  
+  <varlistentry><term><option>--parse</option></term>
+
     <listitem><para>Just parse the input files, and print their
     abstract syntax trees on standard output in ATerm
     format.</para></listitem>
-    
+
   </varlistentry>
-      
-  <varlistentry><term><option>--eval-only</option></term>
-  
+
+  <varlistentry><term><option>--eval</option></term>
+
     <listitem><para>Just parse and evaluate the input files, and print
     the resulting values on standard output.  No instantiation of
     store derivations takes place.</para></listitem>
-    
+
   </varlistentry>
 
   <varlistentry><term><option>--find-file</option></term>
-  
+
     <listitem><para>Look up the given files in Nix’s search path (as
     specified by the <envar>NIX_PATH</envar> environment variable).
     If found, print the corresponding absolute paths on standard
@@ -112,13 +110,13 @@ policies.</para>
     <literal>nix-instantiate --find-file nixpkgs/default.nix</literal>
     will print
     <literal>/home/alice/nixpkgs/default.nix</literal>.</para></listitem>
-    
+
   </varlistentry>
-      
+
   <varlistentry><term><option>--xml</option></term>
 
-    <listitem><para>When used with <option>--parse-only</option> and
-    <option>--eval-only</option>, print the resulting expression as an
+    <listitem><para>When used with <option>--parse</option> and
+    <option>--eval</option>, print the resulting expression as an
     XML representation of the abstract syntax tree rather than as an
     ATerm.  The schema is the same as that used by the <link
     linkend="builtin-toXML"><function>toXML</function>
@@ -128,7 +126,7 @@ policies.</para>
 
   <varlistentry><term><option>--strict</option></term>
 
-    <listitem><para>When used with <option>--eval-only</option>,
+    <listitem><para>When used with <option>--eval</option>,
     recursively evaluate list elements and attributes.  Normally, such
     sub-expressions are left unevaluated (since the Nix expression
     language is lazy).</para>
@@ -140,6 +138,17 @@ policies.</para>
 
   </varlistentry>
 
+  <varlistentry><term><option>--read-write-mode</option></term>
+
+    <listitem><para>When used with <option>--eval</option>, perform
+    evaluation in read/write mode so nix language features that
+    require it will still work (at the cost of needing to do
+    instantiation of every evaluated derivation).</para>
+
+    </listitem>
+
+  </varlistentry>
+
 </variablelist>
 
 <variablelist condition="manpage">
@@ -168,19 +177,34 @@ dr-xr-xr-x    2 eelco    users        4096 1970-01-01 01:00 lib
 
 </para>
 
+<para>You can also give a Nix expression on the command line:
+
+<screen>
+$ nix-instantiate -E 'with import &lt;nixpkgs> { }; hello'
+/nix/store/j8s4zyv75a724q38cb0r87rlczaiag4y-hello-2.8.drv
+</screen>
+
+This is equivalent to:
+
+<screen>
+$ nix-instantiate '&lt;nixpkgs>' -A hello
+</screen>
+
+</para>
+
 <para>Parsing and evaluating Nix expressions:
 
 <screen>
-$ echo '"foo" + "bar"' | nix-instantiate --parse-only -
-OpPlus(Str("foo"),Str("bar"))
+$ nix-instantiate --parse -E '1 + 2'
+1 + 2
 
-$ echo '"foo" + "bar"' | nix-instantiate --eval-only -
-Str("foobar")
+$ nix-instantiate --eval -E '1 + 2'
+3
 
-$ echo '"foo" + "bar"' | nix-instantiate --eval-only --xml -
+$ nix-instantiate --eval --xml -E '1 + 2'
 <![CDATA[<?xml version='1.0' encoding='utf-8'?>
 <expr>
-  <string value="foobar" />
+  <int value="3" />
 </expr>]]></screen>
 
 </para>
@@ -188,28 +212,28 @@ $ echo '"foo" + "bar"' | nix-instantiate --eval-only --xml -
 <para>The difference between non-strict and strict evaluation:
 
 <screen>
-$ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml -
+$ nix-instantiate --eval --xml -E 'rec { x = "foo"; y = x; }'
 <replaceable>...</replaceable><![CDATA[
-    <attr name="x">
-      <string value="foo" />
-    </attr>
-    <attr name="y">
-      <unevaluated />
-    </attr>]]>
+  <attr name="x">
+    <string value="foo" />
+  </attr>
+  <attr name="y">
+    <unevaluated />
+  </attr>]]>
 <replaceable>...</replaceable></screen>
 
 Note that <varname>y</varname> is left unevaluated (the XML
 representation doesn’t attempt to show non-normal forms).
 
 <screen>
-$ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml --strict -
+$ nix-instantiate --eval --xml --strict -E 'rec { x = "foo"; y = x; }'
 <replaceable>...</replaceable><![CDATA[
-    <attr name="x">
-      <string value="foo" />
-    </attr>
-    <attr name="y">
-      <string value="foo" />
-    </attr>]]>
+  <attr name="x">
+    <string value="foo" />
+  </attr>
+  <attr name="y">
+    <string value="foo" />
+  </attr>]]>
 <replaceable>...</replaceable></screen>
 
 </para>
@@ -224,6 +248,6 @@ $ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml --strict
 </variablelist>
 
 </refsection>
-  
+
 
 </refentry>

doc/manual/nix-push.xml

@@ -20,6 +20,7 @@
     <command>nix-push</command>
     <arg choice='plain'><option>--dest</option> <replaceable>dest-dir</replaceable></arg>
     <arg><option>--bzip2</option></arg>
+    <arg><option>--none</option></arg>
     <arg><option>--force</option></arg>
     <arg><option>--link</option></arg>
     <arg><option>--manifest</option></arg>
@@ -106,6 +107,12 @@ automatically.</para>
 
   </varlistentry>
 
+  <varlistentry><term><option>--none</option></term>
+
+    <listitem><para>Do not compress NARs.</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--force</option></term>
 
     <listitem><para>Overwrite <filename>.narinfo</filename> files if
@@ -252,7 +259,7 @@ The properties that are currently supported are:
     <listitem><para>Each binary cache has a priority (defaulting to
     50).  Binary caches are checked for binaries in order of ascending
     priority; thus a higher number denotes a lower priority.  The
-    binary cache <uri>http://nixos.org/binary-cache</uri> has priority
+    binary cache <uri>http://cache.nixos.org</uri> has priority
     40.</para></listitem>
 
   </varlistentry>
@@ -270,14 +277,14 @@ URL <replaceable>url</replaceable> has a binary for
 <replaceable>p</replaceable>, Nix fetches
 <replaceable>url/h</replaceable>, where <replaceable>h</replaceable>
 is the hash part of <replaceable>p</replaceable>.  Thus, if we have a
-cache <uri>http://nixos.org/binary-cache</uri> and we want to obtain
+cache <uri>http://cache.nixos.org</uri> and we want to obtain
 the store path
 <screen>
 /nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
 </screen>
 then Nix will attempt to fetch
 <screen>
-http://nixos.org/binary-cache/a8922c0h87iilxzzvwn2hmv8x210aqb9.narinfo
+http://cache.nixos.org/a8922c0h87iilxzzvwn2hmv8x210aqb9.narinfo
 </screen>
 (Commands such as <command>nix-env -qas</command> will issue an HTTP
 HEAD request, since it only needs to know if the
@@ -381,7 +388,7 @@ The fields are as follows:
 references exist (e.g.,
 <filename>/nix/store/2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16</filename>),
 Nix will fetch <screen>
-http://nixos.org/binary-cache/nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
+http://cache.nixos.org/nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
 </screen> and decompress and unpack it to
 <filename>/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7</filename>.</para>
 

doc/manual/nix-shell.xml

@@ -0,0 +1,200 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude"
+          xml:id="sec-nix-shell">
+
+<refmeta>
+  <refentrytitle>nix-shell</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-shell</refname>
+  <refpurpose>start an interactive shell based on a Nix expression</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-shell</command>
+    <arg><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg><option>--argstr</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--attr</option></arg>
+        <arg choice='plain'><option>-A</option></arg>
+      </group>
+      <replaceable>attrPath</replaceable>
+    </arg>
+    <arg><option>--command</option> <replaceable>cmd</replaceable></arg>
+    <arg><option>--exclude</option> <replaceable>regexp</replaceable></arg>
+    <arg><option>--pure</option></arg>
+    <group choice='req'>
+      <group choice='plain'>
+        <group>
+          <arg choice='plain'><option>--packages</option></arg>
+          <arg choice='plain'><option>-p</option></arg>
+        </group>
+        <replaceable>packages</replaceable>
+      </group>
+      <arg><replaceable>path</replaceable></arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-shell</command> will build the
+dependencies of the specified derivation, but not the derivation
+itself.  It will then start an interactive shell in which all
+environment variables defined by the derivation
+<replaceable>path</replaceable> have been set to their corresponding
+values, and the script <literal>$stdenv/setup</literal> has been
+sourced.  This is useful for reproducing the environment of a
+derivation for development.</para>
+
+<para>If <replaceable>path</replaceable> is not given,
+<command>nix-shell</command> defaults to
+<filename>shell.nix</filename> if it exists, and
+<filename>default.nix</filename> otherwise.</para>
+
+<para>If the derivation defines the variable
+<varname>shellHook</varname>, it will be evaluated after
+<literal>$stdenv/setup</literal> has been sourced.  Since this hook is
+not executed by regular Nix builds, it allows you to perform
+initialisation specific to <command>nix-shell</command>.  For example,
+the derivation attribute
+
+<programlisting>
+shellHook =
+  ''
+    echo "Hello shell"
+  '';
+</programlisting>
+
+will cause <command>nix-shell</command> to print <literal>Hello shell</literal>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<para>All options not listed here are passed to <command>nix-store
+--realise</command>, except for <option>--arg</option> and
+<option>--attr</option> / <option>-A</option> which are passed to
+<command>nix-instantiate</command>.  <phrase condition="manual">See
+also <xref linkend="sec-common-options" />.</phrase></para>
+
+<variablelist>
+
+  <varlistentry><term><option>--command</option> <replaceable>cmd</replaceable></term>
+
+    <listitem><para>In the environment of the derivation, run the
+    shell command <replaceable>cmd</replaceable> instead of starting
+    an interactive shell.  However, if you end the shell command with
+    <literal>return</literal>, you still get an interactive shell.
+    This can be useful for doing any additional
+    initialisation.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--exclude</option> <replaceable>regexp</replaceable></term>
+
+    <listitem><para>Do not build any dependencies whose store path
+    matches the regular expression <replaceable>regexp</replaceable>.
+    This option may be specified multiple times.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--pure</option></term>
+
+    <listitem><para>If this flag is specified, the environment is
+    almost entirely cleared before the interactive shell is started,
+    so you get an environment that more closely corresponds to the
+    “real” Nix build.  A few variables, in particular
+    <envar>HOME</envar>, <envar>USER</envar> and
+    <envar>DISPLAY</envar>, are retained.  Note that
+    <filename>~/.bashrc</filename> and (depending on your Bash
+    installation) <filename>/etc/bashrc</filename> are still sourced,
+    so any variables set there will affect the interactive
+    shell.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--packages</option> / <option>-p</option></term>
+
+    <listitem><para>Set up an environment in which the specified
+    packages are present.  The command line arguments are interpreted
+    as attribute names inside the Nix Packages collection.  Thus,
+    <literal>nix-shell -p libjpeg openjdk</literal> will start a shell
+    in which the packages denoted by the attribute names
+    <varname>libjpeg</varname> and <varname>openjdk</varname> are
+    present.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+<para>The following common options are supported:</para>
+
+<variablelist condition="manpage">
+  <xi:include href="opt-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='opt-common']/*)" />
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To build the dependencies of the package Pan, and start an
+interactive shell in which to build it:
+
+<screen>
+$ nix-shell '&lt;nixpkgs>' -A pan
+[nix-shell]$ unpackPhase
+[nix-shell]$ cd pan-*
+[nix-shell]$ configurePhase
+[nix-shell]$ buildPhase
+[nix-shell]$ ./pan/gui/pan
+</screen>
+
+To clear the environment first, and do some additional automatic
+initialisation of the interactive shell:
+
+<screen>
+$ nix-shell '&lt;nixpkgs>' -A pan --pure \
+    --command 'export NIX_DEBUG=1; export NIX_CORES=8; return'
+</screen>
+
+Nix expressions can also be given on the command line.  For instance,
+the following starts a shell containing the packages
+<literal>sqlite</literal> and <literal>libX11</literal>:
+
+<screen>
+$ nix-shell -E 'with import &lt;nixpkgs> { }; runCommand "dummy" { buildInputs = [ sqlite xorg.libX11 ]; } ""'
+</screen>
+
+A shorter way to do the same is:
+
+<screen>
+$ nix-shell -p sqlite xorg.libX11
+[nix-shell]$ echo $NIX_LDFLAGS
+… -L/nix/store/j1zg5v…-sqlite-3.8.0.2/lib -L/nix/store/0gmcz9…-libX11-1.6.1/lib …
+</screen>
+
+</para>
+
+</refsection>
+
+
+<refsection condition="manpage"><title>Environment variables</title>
+
+<variablelist>
+  <xi:include href="env-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='env-common']/*)" />
+</variablelist>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-store.xml

@@ -164,7 +164,7 @@ the specified store paths.  Realisation is a somewhat overloaded term:
   exist in the file system).  If the path is already valid, we are
   done immediately.  Otherwise, the path and any missing paths in its
   closure may be produced through substitutes.  If there are no
-  (succesful) subsitutes, realisation fails.</para></listitem>
+  (successful) subsitutes, realisation fails.</para></listitem>
 
 </itemizedlist>
 
@@ -296,8 +296,12 @@ options control what gets deleted and in what order:
   <varlistentry><term><option>--max-freed</option> <replaceable>bytes</replaceable></term>
   
     <listitem><para>Keep deleting paths until at least
-    <replaceable>bytes</replaceable> bytes have been
-    deleted, then stop.</para></listitem>
+    <replaceable>bytes</replaceable> bytes have been deleted, then
+    stop.  The argument <replaceable>bytes</replaceable> can be
+    followed by the multiplicative suffix <literal>K</literal>,
+    <literal>M</literal>, <literal>G</literal> or
+    <literal>T</literal>, denoting KiB, MiB, GiB or TiB
+    units.</para></listitem>
     
   </varlistentry>
 
@@ -852,7 +856,7 @@ in Nix itself.</para>
 
 <refsection><title>Description</title>
             
-<para>The operation <option>--verify-paths</option> compares the
+<para>The operation <option>--verify-path</option> compares the
 contents of the given store paths to their cryptographic hashes stored
 in Nix’s database.  For every changed path, it prints a warning
 message.  The exit status is 0 if no path has changed, and 1
@@ -1242,9 +1246,9 @@ variable <envar>_args</envar>.</para>
 $ nix-store --print-env $(nix-instantiate '&lt;nixpkgs>' -A firefox)
 <replaceable>…</replaceable>
 export src; src='/nix/store/plpj7qrwcz94z2psh6fchsi7s8yihc7k-firefox-12.0.source.tar.bz2'
-export stdenv; stdenv='/nix/store/7c8asx3yfrg5dg1gzhzyq2236zfgibnm-stdenv'
+export stdenv; stdenv='/nix/store/7c8asx3yfrg5dg1gzhzyq2236zfgibnn-stdenv'
 export system; system='x86_64-linux'
-export _args; _args='-e /nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh'
+export _args; _args='-e /nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25c-default-builder.sh'
 </screen>
 
 </refsection>

doc/manual/opt-common.xml

@@ -8,15 +8,15 @@
 <variablelist xml:id="opt-common">
 
 <varlistentry><term><option>--help</option></term>
-  
+
   <listitem><para>Prints out a summary of the command syntax and
   exits.</para></listitem>
-  
+
 </varlistentry>
 
 
 <varlistentry><term><option>--version</option></term>
-  
+
   <listitem><para>Prints out the Nix version number on standard output
   and exits.</para></listitem>
 </varlistentry>
@@ -26,7 +26,7 @@
   <term><option>-v</option></term>
 
   <listitem>
-    
+
   <para>Increases the level of verbosity of diagnostic messages
   printed on standard error.  For each Nix operation, the information
   printed on standard output is well-defined; any diagnostic
@@ -37,18 +37,18 @@
   following verbosity levels exist:</para>
 
   <variablelist>
-    
+
     <varlistentry><term>0</term>
     <listitem><para>“Errors only”: only print messages
     explaining why the Nix invocation failed.</para></listitem>
     </varlistentry>
-      
+
     <varlistentry><term>1</term>
     <listitem><para>“Informational”: print
     <emphasis>useful</emphasis> messages about what Nix is doing.
     This is the default.</para></listitem>
     </varlistentry>
-      
+
     <varlistentry><term>2</term>
     <listitem><para>“Talkative”: print more informational
     messages.</para></listitem>
@@ -68,11 +68,11 @@
     <listitem><para>“Vomit”: print vast amounts of debug
     information.</para></listitem>
     </varlistentry>
-    
+
   </variablelist>
 
   </listitem>
-  
+
 </varlistentry>
 
 
@@ -85,7 +85,7 @@
   builder's standard output and error are always written to a log file
   in
   <filename><replaceable>prefix</replaceable>/nix/var/log/nix</filename>.</para></listitem>
-  
+
 </varlistentry>
 
 
@@ -99,7 +99,7 @@
   configuration setting, which itself defaults to
   <literal>1</literal>.  A higher value is useful on SMP systems or to
   exploit I/O latency.</para></listitem>
-  
+
 </varlistentry>
 
 
@@ -117,7 +117,7 @@
   configuration setting, if set, or <literal>1</literal> otherwise.
   The value <literal>0</literal> means that the builder should use all
   available CPU cores in the system.</para></listitem>
-  
+
 </varlistentry>
 
 
@@ -151,7 +151,7 @@
   derivation itself.  Without this option, Nix stops if any build
   fails (except for builds of substitutes), possibly killing builds in
   progress (in case of parallel or distributed builds).</para></listitem>
-  
+
 </varlistentry>
 
 
@@ -181,14 +181,14 @@
   from, say, a network repository.  If the repository is down, the
   realisation of the derivation will fail.  When this option is
   specified, Nix will build the derivation instead.  Thus,
-  installation from binaries falls back on nstallation from source.
+  installation from binaries falls back on installation from source.
   This option is not the default since it is generally not desirable
   for a transient failure in obtaining the substitutes to lead to a
   full build from source (with the related consumption of
   resources).</para>
 
   </listitem>
-  
+
 </varlistentry>
 
 
@@ -197,7 +197,7 @@
   <listitem><para>When this option is used, no attempt is made to open
   the Nix database.  Most Nix operations do need database access, so
   those operations will fail.</para></listitem>
-  
+
 </varlistentry>
 
 
@@ -236,7 +236,7 @@
       interpreted by the <command>nix-log2xml</command> tool in the
       Nix source distribution.  The resulting XML file can be fed into
       the <command>log2html.xsl</command> stylesheet to create an HTML
-      file that can be browsed interactively, using Javascript to
+      file that can be browsed interactively, using JavaScript to
       expand and collapse parts of the output.</para></listitem>
 
     </varlistentry>
@@ -247,12 +247,12 @@
 
     </varlistentry>
 
-  </variablelist>    
-  
+  </variablelist>
+
   </para>
 
   </listitem>
-  
+
 </varlistentry>
 
 
@@ -310,10 +310,10 @@
 <varlistentry xml:id="opt-attr"><term><option>--attr</option> / <option>-A</option>
 <replaceable>attrPath</replaceable></term>
 
-  <listitem><para>In <command>nix-env</command>,
-  <command>nix-instantiate</command> and <command>nix-build</command>,
-  <option>--attr</option> allows you to select an attribute from the
-  top-level Nix expression being evaluated.  The <emphasis>attribute
+  <listitem><para>Select an attribute from the top-level Nix
+  expression being evaluated.  (<command>nix-env</command>,
+  <command>nix-instantiate</command>, <command>nix-build</command> and
+  <command>nix-shell</command> only.)  The <emphasis>attribute
   path</emphasis> <replaceable>attrPath</replaceable> is a sequence of
   attribute names separated by dots.  For instance, given a top-level
   Nix expression <replaceable>e</replaceable>, the attribute path
@@ -333,8 +333,18 @@
 </varlistentry>
 
 
+<varlistentry><term><option>--expr</option> / <option>-E</option></term>
+
+  <listitem><para>Interpret the command line arguments as a list of
+  Nix expressions to be parsed and evaluated, rather than as a list
+  of file names of Nix expressions.
+  (<command>nix-instantiate</command>, <command>nix-build</command>
+  and <command>nix-shell</command> only.)</para></listitem>
+
+</varlistentry>
+
 <varlistentry><term><option>--show-trace</option></term>
-  
+
   <listitem><para>Causes Nix to print out a stack trace in case of Nix
   expression evaluation errors.</para></listitem>
 
@@ -342,23 +352,23 @@
 
 
 <varlistentry><term><option>-I</option> <replaceable>path</replaceable></term>
-  
+
   <listitem><para>Add a path to the Nix expression search path.  This
   option may be given multiple times.  See the <envar>NIX_PATH</envar>
   environment variable for information on the semantics of the Nix
   search path.  Paths added through <option>-I</option> take
   precedence over <envar>NIX_PATH</envar>.</para></listitem>
-  
+
 </varlistentry>
 
 
 <varlistentry><term><option>--option</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>
-  
+
   <listitem><para>Set the Nix configuration option
   <replaceable>name</replaceable> to <replaceable>value</replaceable>.
   This overrides settings in the Nix configuration file (see
   <citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para></listitem>
-  
+
 </varlistentry>
 
 

doc/manual/package-management.xml

@@ -129,7 +129,7 @@ downloading binaries from <systemitem
 class='fqdomainname'>nixos.org</systemitem>, instead of building
 them from source.  This might still take a while since all
 dependencies must be downloaded, but on a reasonably fast connection
-such as an DSL line it’s on the order of a few minutes.</para>
+such as a DSL line it’s on the order of a few minutes.</para>
 
 <para>Naturally, packages can also be uninstalled:
 
@@ -225,7 +225,7 @@ uses is to create directory trees of symlinks to
 themselves (though automatically generated by
 <command>nix-env</command>), so they too reside in the Nix store.  For
 instance, in <xref linkend='fig-user-environments' /> the user
-environment <filename>/nix/store/5mq2jcn36ldl...-user-env</filename>
+environment <filename>/nix/store/0c1p5z4kda11...-user-env</filename>
 contains a symlink to just Subversion 1.1.2 (arrows in the figure
 indicate symlinks).  This would be what we would obtain if we had done
 

doc/manual/quick-start.xml

@@ -11,55 +11,22 @@ to the following chapters.</para>
 
 <orderedlist>
 
-<listitem><para>Download a source tarball or RPM or Debian/Ubuntu
-package from <link xlink:href='http://nixos.org/'/>.  Build source
-distributions using the regular sequence:
-        
-<screen>
-$ tar xvfj nix-<replaceable>version</replaceable>.tar.bz2
-$ ./configure
-$ make
-$ make install <lineannotation>(as root)</lineannotation></screen>
-
-This will install the Nix binaries in <filename>/usr/local</filename>
-and keep the Nix store and other state in <filename>/nix</filename>.
-You can change the former by specifying
-<option>--prefix=<replaceable>path</replaceable></option>.  The
-location of the store can be changed using
-<option>--with-store-dir=<replaceable>path</replaceable></option>.
-However, you shouldn't change the store location, if at all possible,
-since that will make it impossible to use pre-built binaries from the
-Nixpkgs channel and other channels.  The location of the state can be
-changed using
-<option>--localstatedir=<replaceable>path</replaceable>.</option></para></listitem>
-
-<listitem><para>You should add
-<filename><replaceable>prefix</replaceable>/etc/profile.d/nix.sh</filename>
-to your <filename>~/.bashrc</filename> (or some other login
-file).</para></listitem>
-
-<listitem><para>Subscribe to the Nix Packages channel.
+<listitem><para>Install Nix by running the following:
 
 <screen>
-$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable</screen>
+$ bash &lt;(curl https://nixos.org/nix/install)
+</screen>
 
-</para></listitem>
-
-<listitem><para>Download the latest Nix expressions available in the channel.
-<screen>
-$ nix-channel --update</screen>
-
-Note that this in itself doesn't download any packages, it just
-downloads the Nix expressions that build them and stores them
-somewhere (under <filename>~/.nix-defexpr</filename>, in case you're
-curious).  Also, it registers the fact that pre-built binaries are
-available remotely.</para></listitem>
+This will install Nix in <filename>/nix</filename>. The install script
+will create <filename>/nix</filename> using <command>sudo</command>,
+so make sure you have sufficient rights.  (For other installation
+methods, see <xref linkend="chap-installation"/>.)</para></listitem>
 
 <listitem><para>See what installable packages are currently available
 in the channel:
 
 <screen>
-$ nix-env -qa \*
+$ nix-env -qa
 docbook-xml-4.2
 firefox-1.0pre-PR-0.10.1
 hello-2.1.1
@@ -69,9 +36,9 @@ libxslt-1.1.0
 </para></listitem>
 
 <listitem><para>Install some packages from the channel:
-        
+
 <screen>
-$ nix-env -i hello firefox <replaceable>...</replaceable> </screen>
+$ nix-env -i hello <replaceable>...</replaceable> </screen>
 
 This should download pre-built packages; it should not build them
 locally (if it does, something went wrong).</para></listitem>
@@ -83,11 +50,10 @@ $ which hello
 /home/eelco/.nix-profile/bin/hello
 $ hello
 Hello, world!
-$ firefox
-<lineannotation>(read Slashdot or something)</lineannotation></screen>
+</screen>
 
 </para></listitem>
-    
+
 <listitem><para>Uninstall a package:
 
 <screen>
@@ -98,7 +64,7 @@ $ nix-env -e hello</screen>
 <listitem><para>To keep up-to-date with the channel, do:
 
 <screen>
-$ nix-channel --update
+$ nix-channel --update nixpkgs
 $ nix-env -u '*'</screen>
 
 The latter command will upgrade each installed package for which there

doc/manual/quote-literals.xsl

@@ -7,9 +7,9 @@
   extension-element-prefixes="str">
 
   <xsl:output method="xml"/>
-  
+
   <xsl:template match="function|command|literal|varname|filename|option|quote">`<xsl:apply-templates/>'</xsl:template>
-  
+
   <xsl:template match="token"><xsl:text>    </xsl:text><xsl:apply-templates /><xsl:text>
 </xsl:text></xsl:template>
 
@@ -21,7 +21,7 @@
     <section>
       <xsl:apply-templates />
       <screen><xsl:text>
-      </xsl:text></screen>        
+      </xsl:text></screen>
     </section>
   </xsl:template>
 
@@ -37,8 +37,4 @@
     </xsl:element>
   </xsl:template>
 
-  <xsl:template match="text()">
-    <xsl:value-of select="translate(., '‘’“”—', concat(&quot;`'&quot;, '&quot;&quot;-'))" />
-  </xsl:template>
-  
 </xsl:stylesheet>

doc/manual/release-notes.xml

@@ -5,6 +5,536 @@
 <title>Nix Release Notes</title>
 
 
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.7"><title>Release 1.7 (April 11, 2014)</title>
+
+<para>In addition to the usual bug fixes, this release has the
+following new features:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>Antiquotation is now allowed inside of quoted attribute
+    names (e.g. <literal>set."${foo}"</literal>). In the case where
+    the attribute name is just a single antiquotation, the quotes can
+    be dropped (e.g. the above example can be written
+    <literal>set.${foo}</literal>). If an attribute name inside of a
+    set declaration evaluates to <literal>null</literal> (e.g.
+    <literal>{ ${null} = false; }</literal>), then that attribute is
+    not added to the set.</para>
+  </listitem>
+
+  <listitem>
+    <para>Experimental support for cryptographically signed binary
+    caches.  See <link
+    xlink:href="https://github.com/NixOS/nix/commit/0fdf4da0e979f992db75cc17376e455ddc5a96d8">the
+    commit for details</link>.</para>
+  </listitem>
+
+  <listitem>
+    <para>An experimental new substituter,
+    <command>download-via-ssh</command>, that fetches binaries from
+    remote machines via SSH.  Specifying the flags <literal>--option
+    use-ssh-substituter true --option ssh-substituter-hosts
+    <replaceable>user@hostname</replaceable></literal> will cause Nix
+    to download binaries from the specified machine, if it has
+    them.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-store -r</command> and
+    <command>nix-build</command> have a new flag,
+    <option>--check</option>, that builds a previously built
+    derivation again, and prints an error message if the output is not
+    exactly the same. This helps to verify whether a derivation is
+    truly deterministic.  For example:
+
+<screen>
+$ nix-build '&lt;nixpkgs>' -A patchelf
+<replaceable>…</replaceable>
+$ nix-build '&lt;nixpkgs>' -A patchelf --check
+<replaceable>…</replaceable>
+error: derivation `/nix/store/1ipvxs…-patchelf-0.6' may not be deterministic:
+  hash mismatch in output `/nix/store/4pc1dm…-patchelf-0.6.drv'
+</screen>
+
+    </para>
+
+  </listitem>
+
+  <listitem>
+    <para>The <command>nix-instantiate</command> flags
+    <option>--eval-only</option> and <option>--parse-only</option>
+    have been renamed to <option>--eval</option> and
+    <option>--parse</option>, respectively.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-instantiate</command>,
+    <command>nix-build</command> and <command>nix-shell</command> now
+    have a flag <option>--expr</option> (or <option>-E</option>) that
+    allows you to specify the expression to be evaluated as a command
+    line argument.  For instance, <literal>nix-instantiate --eval -E
+    '1 + 2'</literal> will print <literal>3</literal>.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-shell</command> improvements:</para>
+
+    <itemizedlist>
+
+      <listitem>
+        <para>It has a new flag, <option>--packages</option> (or
+        <option>-p</option>), that sets up a build environment
+        containing the specified packages from Nixpkgs. For example,
+        the command
+
+<screen>
+$ nix-shell -p sqlite xorg.libX11 hello
+</screen>
+
+        will start a shell in which the given packages are
+        present.</para>
+      </listitem>
+
+      <listitem>
+        <para>It now uses <filename>shell.nix</filename> as the
+        default expression, falling back to
+        <filename>default.nix</filename> if the former doesn’t
+        exist.  This makes it convenient to have a
+        <filename>shell.nix</filename> in your project to set up a
+        nice development environment.</para>
+      </listitem>
+
+      <listitem>
+        <para>It evaluates the derivation attribute
+        <varname>shellHook</varname>, if set. Since
+        <literal>stdenv</literal> does not normally execute this hook,
+        it allows you to do <command>nix-shell</command>-specific
+        setup.</para>
+      </listitem>
+
+      <listitem>
+        <para>It preserves the user’s timezone setting.</para>
+      </listitem>
+
+    </itemizedlist>
+
+  </listitem>
+
+  <listitem>
+    <para>In chroots, Nix now sets up a <filename>/dev</filename>
+    containing only a minimal set of devices (such as
+    <filename>/dev/null</filename>). Note that it only does this if
+    you <emphasis>don’t</emphasis> have <filename>/dev</filename>
+    listed in your <option>build-chroot-dirs</option> setting;
+    otherwise, it will bind-mount the <literal>/dev</literal> from
+    outside the chroot.</para>
+
+    <para>Similarly, if you don’t have <filename>/dev/pts</filename> listed
+    in <option>build-chroot-dirs</option>, Nix will mount a private
+    <literal>devpts</literal> filesystem on the chroot’s
+    <filename>/dev/pts</filename>.</para>
+
+  </listitem>
+
+  <listitem>
+    <para>New built-in function: <function>builtins.toJSON</function>,
+    which returns a JSON representation of a value.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-env -q</command> has a new flag
+    <option>--json</option> to print a JSON representation of the
+    installed or available packages.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-env</command> now supports meta attributes with
+    more complex values, such as attribute sets.</para>
+  </listitem>
+
+  <listitem>
+    <para>The <option>-A</option> flag now allows attribute names with
+    dots in them, e.g.
+
+<screen>
+$ nix-instantiate --eval '&lt;nixos>' -A 'config.systemd.units."nscd.service".text'
+</screen>
+
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>The <option>--max-freed</option> option to
+    <command>nix-store --gc</command> now accepts a unit
+    specifier. For example, <literal>nix-store --gc --max-freed
+    1G</literal> will free up to 1 gigabyte of disk space.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-collect-garbage</command> has a new flag
+    <option>--delete-older-than</option>
+    <replaceable>N</replaceable><literal>d</literal>, which deletes
+    all user environment generations older than
+    <replaceable>N</replaceable> days.  Likewise, <command>nix-env
+    --delete-generations</command> accepts a
+    <replaceable>N</replaceable><literal>d</literal> age limit.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix now heuristically detects whether a build failure was
+    due to a disk-full condition. In that case, the build is not
+    flagged as “permanently failed”. This is mostly useful for Hydra,
+    which needs to distinguish between permanent and transient build
+    failures.</para>
+  </listitem>
+
+  <listitem>
+    <para>There is a new symbol <literal>__curPos</literal> that
+    expands to an attribute set containing its file name and line and
+    column numbers, e.g. <literal>{ file = "foo.nix"; line = 10;
+    column = 5; }</literal>.  There also is a new builtin function,
+    <varname>unsafeGetAttrPos</varname>, that returns the position of
+    an attribute.  This is used by Nixpkgs to provide location
+    information in error messages, e.g.
+
+<screen>
+$ nix-build '&lt;nixpkgs>' -A libreoffice --argstr system x86_64-darwin
+error: the package ‘libreoffice-4.0.5.2’ in ‘.../applications/office/libreoffice/default.nix:263’
+  is not supported on ‘x86_64-darwin’
+</screen>
+
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>The garbage collector is now more concurrent with other Nix
+    processes because it releases certain locks earlier.</para>
+  </listitem>
+
+  <listitem>
+    <para>The binary tarball installer has been improved.  You can now
+    install Nix by running:
+
+<screen>
+$ bash &lt;(curl https://nixos.org/nix/install)
+</screen>
+
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>More evaluation errors include position information. For
+    instance, selecting a missing attribute will print something like
+
+<screen>
+error: attribute `nixUnstabl' missing, at /etc/nixos/configurations/misc/eelco/mandark.nix:216:15
+</screen>
+
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>The command <command>nix-setuid-helper</command> is
+    gone.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix no longer uses Automake, but instead has a
+    non-recursive, GNU Make-based build system.</para>
+  </listitem>
+
+  <listitem>
+    <para>All installed libraries now have the prefix
+    <literal>libnix</literal>.  In particular, this gets rid of
+    <literal>libutil</literal>, which could clash with libraries with
+    the same name from other packages.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix now requires a compiler that supports C++11.</para>
+  </listitem>
+
+</itemizedlist>
+
+<para>This release has contributions from Danny Wilson, Domen Kožar,
+Eelco Dolstra, Ian-Woo Kim, Ludovic Courtès, Maxim Ivanov, Petr
+Rockai, Ricardo M. Correia and Shea Levy.</para>
+
+</section>
+
+
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.6.1"><title>Release 1.6.1 (October 28, 2013)</title>
+
+<para>This is primarily a bug fix release.  Changes of interest
+are:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>Nix 1.6 accidentally changed the semantics of antiquoted
+    paths in strings, such as <literal>"${/foo}/bar"</literal>.  This
+    release reverts to the Nix 1.5.3 behaviour.</para>
+  </listitem>
+
+  <listitem>
+    <para>Previously, Nix optimised expressions such as
+    <literal>"${<replaceable>expr</replaceable>}"</literal> to
+    <replaceable>expr</replaceable>.  Thus it neither checked whether
+    <replaceable>expr</replaceable> could be coerced to a string, nor
+    applied such coercions.  This meant that
+    <literal>"${123}"</literal> evaluatued to <literal>123</literal>,
+    and <literal>"${./foo}"</literal> evaluated to
+    <literal>./foo</literal> (even though
+    <literal>"${./foo} "</literal> evaluates to
+    <literal>"/nix/store/<replaceable>hash</replaceable>-foo "</literal>).
+    Nix now checks the type of antiquoted expressions and
+    applies coercions.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix now shows the exact position of undefined variables.  In
+    particular, undefined variable errors in a <literal>with</literal>
+    previously didn't show <emphasis>any</emphasis> position
+    information, so this makes it a lot easier to fix such
+    errors.</para>
+  </listitem>
+
+  <listitem>
+    <para>Undefined variables are now treated consistently.
+    Previously, the <function>tryEval</function> function would catch
+    undefined variables inside a <literal>with</literal> but not
+    outside.  Now <function>tryEval</function> never catches undefined
+    variables.</para>
+  </listitem>
+
+  <listitem>
+    <para>Bash completion in <command>nix-shell</command> now works
+    correctly.</para>
+  </listitem>
+
+  <listitem>
+    <para>Stack traces are less verbose: they no longer show calls to
+    builtin functions and only show a single line for each derivation
+    on the call stack.</para>
+  </listitem>
+
+  <listitem>
+    <para>New built-in function: <function>builtins.typeOf</function>,
+    which returns the type of its argument as a string.</para>
+  </listitem>
+
+</itemizedlist>
+
+</section>
+
+
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.6.0"><title>Release 1.6 (September 10, 2013)</title>
+
+<para>In addition to the usual bug fixes, this release has several new
+features:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>The command <command>nix-build --run-env</command> has been
+    renamed to <command>nix-shell</command>.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-shell</command> now sources
+    <filename>$stdenv/setup</filename> <emphasis>inside</emphasis> the
+    interactive shell, rather than in a parent shell.  This ensures
+    that shell functions defined by <literal>stdenv</literal> can be
+    used in the interactive shell.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-shell</command> has a new flag
+    <option>--pure</option> to clear the environment, so you get an
+    environment that more closely corresponds to the “real” Nix build.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-shell</command> now sets the shell prompt
+    (<envar>PS1</envar>) to ensure that Nix shells are distinguishable
+    from your regular shells.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-env</command> no longer requires a
+    <literal>*</literal> argument to match all packages, so
+    <literal>nix-env -qa</literal> is equivalent to <literal>nix-env
+    -qa '*'</literal>.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-env -i</command> has a new flag
+    <option>--remove-all</option> (<option>-r</option>) to remove all
+    previous packages from the profile.  This makes it easier to do
+    declarative package management similar to NixOS’s
+    <option>environment.systemPackages</option>.  For instance, if you
+    have a specification <filename>my-packages.nix</filename> like this:
+
+<programlisting>
+with import &lt;nixpkgs> {};
+[ thunderbird
+  geeqie
+  ...
+]
+</programlisting>
+
+    then after any change to this file, you can run:
+
+<screen>
+$ nix-env -f my-packages.nix -ir
+</screen>
+
+    to update your profile to match the specification.</para>
+  </listitem>
+
+  <listitem>
+    <para>The ‘<literal>with</literal>’ language construct is now more
+    lazy.  It only evaluates its argument if a variable might actually
+    refer to an attribute in the argument.  For instance, this now
+    works:
+
+<programlisting>
+let
+  pkgs = with pkgs; { foo = "old"; bar = foo; } // overrides;
+  overrides = { foo = "new"; };
+in pkgs.bar
+</programlisting>
+
+    This evaluates to <literal>"new"</literal>, while previously it
+    gave an “infinite recursion” error.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix now has proper integer arithmetic operators. For
+    instance, you can write <literal>x + y</literal> instead of
+    <literal>builtins.add x y</literal>, or <literal>x &lt;
+    y</literal> instead of <literal>builtins.lessThan x y</literal>.
+    The comparison operators also work on strings.</para>
+  </listitem>
+
+  <listitem>
+    <para>On 64-bit systems, Nix integers are now 64 bits rather than
+    32 bits.</para>
+  </listitem>
+
+  <listitem>
+    <para>When using the Nix daemon, the <command>nix-daemon</command>
+    worker process now runs on the same CPU as the client, on systems
+    that support setting CPU affinity.  This gives a significant speedup
+    on some systems.</para>
+  </listitem>
+
+  <listitem>
+    <para>If a stack overflow occurs in the Nix evaluator, you now get
+    a proper error message (rather than “Segmentation fault”) on some
+    systems.</para>
+  </listitem>
+
+  <listitem>
+    <para>In addition to directories, you can now bind-mount regular
+    files in chroots through the (now misnamed) option
+    <option>build-chroot-dirs</option>.</para>
+  </listitem>
+
+</itemizedlist>
+
+<para>This release has contributions from Domen Kožar, Eelco Dolstra,
+Florian Friesdorf, Gergely Risko, Ivan Kozik, Ludovic Courtès and Shea
+Levy.</para>
+
+</section>
+
+
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.5.3"><title>Release 1.5.3 (June 17, 2013)</title>
+
+<para>This is primarily a bug fix release.  The following changes are
+noteworthy:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>Yet another security bug involving hard links to files
+    outside the store was fixed.  This bug only affected multi-user
+    installations that do not have hard link restrictions
+    enabled.  (NixOS is thus not vulnerable.)</para>
+  </listitem>
+
+  <listitem>
+    <para>The default binary cache URL has changed from
+    <uri>http://nixos.org/binary-cache</uri> to
+    <uri>http://cache.nixos.org</uri>.  The latter is hosted on Amazon
+    CloudFront (courtesy of <link
+    xlink:href="http://www.logicblox.com/">LogicBlox</link>) and
+    should provide better performance for users in both Europe and
+    North America.</para>
+  </listitem>
+
+  <listitem>
+    <para>The binary cache substituter now prints a warning message if
+    fetching information from the cache takes more than five seconds.
+    Thus network or server problems no longer make Nix appear to just
+    hang.</para>
+  </listitem>
+
+  <listitem>
+    <para>Stack traces now show function names, e.g.
+<screen>
+while evaluating `concatMapStrings' at `<replaceable>...</replaceable>/nixpkgs/pkgs/lib/strings.nix:18:25':
+</screen>
+      Also, if a function is called with an unexpected argument, Nix
+      now shows the name of the argument.
+    </para>
+  </listitem>
+
+</itemizedlist>
+
+</section>
+
+
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.5.2"><title>Release 1.5.2 (May 13, 2013)</title>
+
+<para>This is primarily a bug fix release.  It has contributions from
+Eelco Dolstra, Lluís Batlle i Rossell and Shea Levy.</para>
+
+</section>
+
+
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.5.1"><title>Release 1.5.1 (February 28, 2013)</title>
+
+<para>The bug fix to the bug fix had a bug itself, of course.  But
+this time it will work for sure!</para>
+
+</section>
+
+
+<!--==================================================================-->
+
+<section xml:id="ssec-relnotes-1.5"><title>Release 1.5 (February 27, 2013)</title>
+
+<para>This is a brown paper bag release to fix a regression introduced
+by the hard link security fix in 1.4.</para>
+
+</section>
+
 
 <!--==================================================================-->
 
@@ -77,10 +607,10 @@ Pernsteiner.</para>
     configuration setting <option>binary-caches</option> contains a
     list of URLs of binary caches.  For instance, doing
 <screen>
-$ nix-env -i thunderbird --option binary-caches http://nixos.org/binary-cache
+$ nix-env -i thunderbird --option binary-caches http://cache.nixos.org
 </screen>
     will install Thunderbird and its dependencies, using the available
-    pre-built binaries in <uri>http://nixos.org/binary-cache</uri>.
+    pre-built binaries in <uri>http://cache.nixos.org</uri>.
     The main advantage over the old “manifest”-based method of getting
     pre-built binaries is that you don’t have to worry about your
     manifest being in sync with the Nix expressions you’re installing
@@ -93,7 +623,7 @@ $ nix-env -i thunderbird --option binary-caches http://nixos.org/binary-cache
     used automatically if you subscribe to that channel.  If you use
     the Nixpkgs or NixOS channels
     (<uri>http://nixos.org/channels</uri>) you automatically get the
-    cache <uri>http://nixos.org/binary-cache</uri>.</para>
+    cache <uri>http://cache.nixos.org</uri>.</para>
 
     <para>Binary caches are created using <command>nix-push</command>.
     For details on the operation and format of binary caches, see the
@@ -307,7 +837,7 @@ Friesdorf, Mats Erik Andersson and Shea Levy.</para>
     <para>When using the Nix daemon, the <option>-s</option> flag in
     <command>nix-env -qa</command> is now much faster.</para>
   </listitem>
-    
+
 </itemizedlist>
 
 </section>
@@ -337,7 +867,7 @@ previous release.  Here are the most significant:</para>
     <filename>/nix/var/nix/manifests</filename>, resulting in a
     significant speedup.</para>
   </listitem>
-    
+
   <listitem>
     <para>Nix now has an search path for expressions.  The search path
     is set using the environment variable <envar>NIX_PATH</envar> and
@@ -374,7 +904,7 @@ previous release.  Here are the most significant:</para>
     you can write <literal>{ "foo-1.2" = …; "bla bla" = …; }."bla
     bla"</literal>.</para>
   </listitem>
-    
+
   <listitem>
     <para>Attribute selection can now provide a default value using
     the <literal>or</literal> operator.  For instance, the expression
@@ -573,7 +1103,7 @@ features:</para>
 </programlisting>
 
     This is useful, for instance, in NixOS configuration files.</para>
-    
+
   </listitem>
 
   <listitem>
@@ -590,7 +1120,7 @@ features:</para>
     which causes <command>uname</command> to return
     <literal>i686</literal> in child processes.</para>
   </listitem>
-  
+
   <listitem>
     <para>Various improvements to the <literal>chroot</literal>
     support.  Building in a <literal>chroot</literal> works quite well
@@ -607,12 +1137,12 @@ features:</para>
   <listitem>
     <para>Support for large (> 4 GiB) files in NAR archives.</para>
   </listitem>
-    
+
   <listitem>
     <para>Various (performance) improvements to the remote build
     mechanism.</para>
   </listitem>
-    
+
   <listitem>
     <para>New primops: <varname>builtins.addErrorContext</varname> (to
     add a string to stack traces — useful for debugging),
@@ -751,8 +1281,8 @@ the following derivations will be built:
 the following paths will be downloaded/copied (30.02 MiB):
   /nix/store/4m8pvgy2dcjgppf5b4cj5l6wyshjhalj-samba-3.2.4
   /nix/store/7h1kwcj29ip8vk26rhmx6bfjraxp0g4l-libunwind-0.98.6
-  ...</screen>      
-  
+  ...</screen>
+
   </para></listitem>
 
   <listitem><para>Language features:
@@ -792,7 +1322,7 @@ the following paths will be downloaded/copied (30.02 MiB):
       division).
       <!-- <varname>builtins.genericClosure</varname> -->
       </para></listitem>
-      
+
     </itemizedlist>
 
   </para></listitem>
@@ -863,7 +1393,7 @@ on Nix.  Here is an (incomplete) list:</para>
   <literal>nix-env -p /nix/var/nix/profiles/browser --set
   firefox</literal> lets the profile named
   <filename>browser</filename> contain just Firefox.</para></listitem>
-  
+
 
   <listitem><para><command>nix-env</command> now maintains
   meta-information about installed packages in profiles.  The
@@ -872,7 +1402,7 @@ on Nix.  Here is an (incomplete) list:</para>
   <varname>homepage</varname>.  The command <literal>nix-env -q --xml
   --meta</literal> shows all meta-information.</para></listitem>
 
-  
+
   <listitem><para><command>nix-env</command> now uses the
   <varname>meta.priority</varname> attribute of derivations to resolve
   filename collisions between packages.  Lower priority values denote
@@ -928,7 +1458,7 @@ on Nix.  Here is an (incomplete) list:</para>
 
   </para></listitem>
 
-  
+
   <listitem><para><command>nix-env -q</command> now has a flag
   <option>--prebuilt-only</option> (<option>-b</option>) that causes
   <command>nix-env</command> to show only those derivations whose
@@ -939,7 +1469,7 @@ on Nix.  Here is an (incomplete) list:</para>
   <command>nix-env -i</command> and <command>nix-env -u</command> to
   filter out derivations for which no pre-built binary is
   available.</para></listitem>
-  
+
 
   <listitem><para>The new option <option>--argstr</option> (in
   <command>nix-env</command>, <command>nix-instantiate</command> and
@@ -955,7 +1485,7 @@ on Nix.  Here is an (incomplete) list:</para>
   <parameter>paths</parameter> that shows the build log of the given
   paths.</para></listitem>
 
-  
+
   <!--
   <listitem><para>TODO: semantic cleanups of string concatenation
   etc. (mostly in r6740).</para></listitem>
@@ -1013,12 +1543,12 @@ on Nix.  Here is an (incomplete) list:</para>
   <literal>md5</literal>.  You can pass either a hexadecimal or a
   base-32 encoding of the hash.</para></listitem>
 
-  
+
   <listitem><para>Nix can now perform builds in an automatically
   generated “chroot”.  This prevents a builder from accessing stuff
   outside of the Nix store, and thus helps ensure purity.  This is an
   experimental feature.</para></listitem>
-  
+
 
   <listitem><para>The new command <command>nix-store
   --optimise</command> reduces Nix store disk space usage by finding
@@ -1026,7 +1556,7 @@ on Nix.  Here is an (incomplete) list:</para>
   It typically reduces the size of the store by something like
   25-35%.</para></listitem>
 
-  
+
   <listitem><para><filename>~/.nix-defexpr</filename> can now be a
   directory, in which case the Nix expressions in that directory are
   combined into an attribute set, with the file names used as the
@@ -1112,10 +1642,10 @@ irreversible.</para></warning>
 
 <itemizedlist>
 
-  
+
   <!-- Usability / features -->
 
-  
+
   <listitem><para><command>nix-env</command> usability improvements:
 
     <itemizedlist>
@@ -1151,9 +1681,9 @@ irreversible.</para></warning>
       most packages in Nixpkgs don’t have yet).</para></listitem>
 
     </itemizedlist>
-  
+
   </para></listitem>
-  
+
 
   <listitem><para>New language features:
 
@@ -1176,7 +1706,7 @@ irreversible.</para></warning>
       You can write arbitrary expressions within
       <literal>${<replaceable>...</replaceable>}</literal>, not just
       identifiers.</para></listitem>
-      
+
       <listitem><para>Multi-line string literals.</para></listitem>
 
       <listitem><para>String concatenations can now involve
@@ -1218,7 +1748,7 @@ irreversible.</para></warning>
   Very convenient whenever you have some package on your machine and
   you want to copy it somewhere else.</para></listitem>
 
-  
+
   <listitem><para>XML support:
 
     <itemizedlist>
@@ -1241,9 +1771,9 @@ irreversible.</para></warning>
     </itemizedlist>
 
   </para></listitem>
-  
 
-  <listitem><para>You can now unambigously specify which derivation to
+
+  <listitem><para>You can now unambiguously specify which derivation to
   build or install in <command>nix-env</command>,
   <command>nix-instantiate</command> and <command>nix-build</command>
   using the <option>--attr</option> / <option>-A</option> flags, which
@@ -1255,7 +1785,7 @@ irreversible.</para></warning>
   <replaceable>foo</replaceable></literal>.  <literal>nix-env -q
   --attr</literal> shows the attribute names corresponding to each
   derivation.</para></listitem>
-  
+
 
   <listitem><para>If the top-level Nix expression used by
   <command>nix-env</command>, <command>nix-instantiate</command> or
@@ -1266,7 +1796,7 @@ irreversible.</para></warning>
   <replaceable>value</replaceable></option> can be used to specify
   function arguments on the command line.</para></listitem>
 
-  
+
   <listitem><para><literal>nix-install-package --url
   <replaceable>URL</replaceable></literal> allows a package to be
   installed directly from the given URL.</para></listitem>
@@ -1312,7 +1842,7 @@ irreversible.</para></warning>
 
   </para></listitem>
 
-  
+
   <listitem><para>Garbage collector improvements:
 
     <itemizedlist>
@@ -1344,12 +1874,12 @@ irreversible.</para></warning>
       from the Nix store.  It won’t delete reachable (non-garbage)
       paths unless <option>--ignore-liveness</option> is
       specified.</para></listitem>
-      
+
     </itemizedlist>
 
   </para></listitem>
 
-  
+
   <listitem><para>Berkeley DB 4.4’s process registry feature is used
   to recover from crashed Nix processes.</para></listitem>
 
@@ -1383,7 +1913,7 @@ irreversible.</para></warning>
     <itemizedlist>
 
       <listitem><para>Make sure that the garbage collector can run
-      succesfully when the disk is full
+      successfully when the disk is full
       (<literal>NIX-18</literal>).</para></listitem>
 
       <listitem><para><command>nix-env</command> now locks the profile
@@ -1515,7 +2045,7 @@ svnService = derivation {
 };</programlisting>
 
   Previously, this would yield a black hole (infinite recursion).</para>
-  
+
   </listitem>
 
   <listitem><para><command>nix-build</command> now defaults to using
@@ -1657,7 +2187,7 @@ $ nix-store -q --referrers-closure \
     /nix/store/8lz9yc6zgmc0vlqmn2ipcpkjlmbi51vv-glibc-2.3.4</screen>
 
   </para>
-  
+
   </listitem>
 
   <listitem><para>The concept of fixed-output derivations has been
@@ -1738,7 +2268,7 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
   </itemizedlist></para></listitem>
 
   <listitem><para>A hash of the contents of a store path is now stored
-  in the database after a succesful build.  This allows you to check
+  in the database after a successful build.  This allows you to check
   whether store paths have been tampered with: <command>nix-store
   --verify --check-contents</command>.</para></listitem>
 
@@ -1902,7 +2432,7 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
     <itemizedlist>
 
       <listitem><para>Derivations for other platforms are filtered out
-      (which can be overriden using
+      (which can be overridden using
       <option>--system-filter</option>).</para></listitem>
 
       <listitem><para><option>--install</option> by default now
@@ -1921,7 +2451,7 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
       columnised).</para></listitem>
 
     </itemizedlist>
-    
+
     </para>
 
   </listitem>
@@ -1935,7 +2465,7 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
     <para>Nix expression language changes:
 
     <itemizedlist>
-      
+
       <listitem><para>New language construct: <literal>with
       <replaceable>E1</replaceable>;
       <replaceable>E2</replaceable></literal> brings all attributes

doc/manual/troubleshooting.xml

@@ -17,7 +17,7 @@ bug tracker</link> for a list of currently known issues.</para>
 $ nix-env -i docbook-xml
 ...
 adding /nix/store/s5hyxgm62gk2...-docbook-xml-4.2
-collission between `/nix/store/s5hyxgm62gk2...-docbook-xml-4.2/xml/dtd/docbook/calstblx.dtd'
+collision between `/nix/store/s5hyxgm62gk2...-docbook-xml-4.2/xml/dtd/docbook/calstblx.dtd'
   and `/nix/store/06h377hr4b33...-docbook-xml-4.3/xml/dtd/docbook/calstblx.dtd'
   at /nix/store/...-builder.pl line 62.</screen>
 
@@ -68,7 +68,7 @@ in <filename>/nix/store</filename>, as can be seen using <command>ls
 $ ls -l /nix/store
 drwxrwxrwt 32000 nix nix 4620288 Sep 8 15:08 store</screen>
 
-The <literal>ext2</literal> file system is limited to a inode link
+The <literal>ext2</literal> file system is limited to an inode link
 count of 32,000 (each subdirectory increasing the count by one).
 Furthermore, the <literal>st_nlink</literal> field of the
 <function>stat</function> system call is a 16-bit value.</para>

doc/manual/writing-nix-expressions.xml

@@ -15,7 +15,7 @@ on to a more in-depth look at the Nix expression language.</para>
 For more extensive information on adding packages to the Nix Packages
 collection (such as functions in the standard environment and coding
 conventions), please consult <link
-xlink:href="http://hydra.nixos.org/job/nixpkgs/trunk/tarball/latest/download-by-type/doc/manual">its
+xlink:href="http://nixos.org/nixpkgs/manual/">its
 manual</link>.</para></note>
 
 
@@ -118,10 +118,10 @@ the single Nix expression in that directory
     <varname>stdenv.mkDerivation</varname>.
     <varname>mkDerivation</varname> is a function provided by
     <varname>stdenv</varname> that builds a package from a set of
-    <emphasis>attributes</emphasis>.  An attribute set is just a list
-    of key/value pairs where each value is an arbitrary Nix
-    expression.  They take the general form
-    <literal>{ <replaceable>name1</replaceable> =
+    <emphasis>attributes</emphasis>.  A set is just a list of
+    key/value pairs where each key is a string and each value is an
+    arbitrary Nix expression.  They take the general form <literal>{
+    <replaceable>name1</replaceable> =
     <replaceable>expr1</replaceable>; <replaceable>...</replaceable>
     <replaceable>nameN</replaceable> =
     <replaceable>exprN</replaceable>; }</literal>.</para>
@@ -384,9 +384,9 @@ some fragments of
 
     <para>This is where the actual composition takes place.  Here we
     <emphasis>call</emphasis> the function imported from
-    <filename>../applications/misc/hello/ex-1</filename> with an
-    attribute set containing the things that the function expects,
-    namely <varname>fetchurl</varname>, <varname>stdenv</varname>, and
+    <filename>../applications/misc/hello/ex-1</filename> with a set
+    containing the things that the function expects, namely
+    <varname>fetchurl</varname>, <varname>stdenv</varname>, and
     <varname>perl</varname>.  We use inherit again to use the
     attributes defined in the surrounding scope (we could also have
     written <literal>fetchurl = fetchurl;</literal>, etc.).</para>
@@ -617,7 +617,7 @@ Laziness means that arguments to functions are evaluated only when
 they are needed.  Functional means that functions are
 <quote>normal</quote> values that can be passed around and manipulated
 in interesting ways.  The language is not a full-featured, general
-purpose language.  It's main job is to describe packages,
+purpose language.  Its main job is to describe packages,
 compositions of packages, and the variability within
 packages.</para>
 
@@ -701,7 +701,7 @@ configureFlags = "
     number of spaces equal to the minimal indentation of the string as
     a whole (disregarding the indentation of empty lines).  For
     instance, the first and second line are indented two space, while
-    the third line is indented three spaces.  Thus, two spaces are
+    the third line is indented four spaces.  Thus, two spaces are
     stripped from each line, so the resulting string is
 
 <programlisting>
@@ -714,18 +714,18 @@ configureFlags = "
     text on the initial line.</para>
 
     <para>Antiquotation
-    (<literal>${<replaceable>expr</replaceable>}}</literal>) is
+    (<literal>${<replaceable>expr</replaceable>}</literal>) is
     supported in indented strings.</para>
 
     <para>Since <literal>${</literal> and <literal>''</literal> have
     special meaning in indented strings, you need a way to quote them.
     <literal>${</literal> can be escaped by prefixing it with
-    <literal>''</literal>, i.e., <literal>''${</literal>.
-    <literal>''</literal> can be escaped by prefixing it with
-    <literal>'</literal>, i.e., <literal>'''</literal>.  Finally,
-    linefeed, carriage-return and tab characters can be writted as
-    <literal>''\n</literal>, <literal>''\r</literal>,
-    <literal>''\t</literal>.</para>
+    <literal>''</literal> (that is, two single quotes), i.e.,
+    <literal>''${</literal>.  <literal>''</literal> can be escaped by
+    prefixing it with <literal>'</literal>, i.e.,
+    <literal>'''</literal>.  Finally, linefeed, carriage-return and
+    tab characters can be written as <literal>''\n</literal>,
+    <literal>''\r</literal>, <literal>''\t</literal>.</para>
 
     <para>Indented strings are primarily useful in that they allow
     multi-line string literals to follow the indentation of the
@@ -775,13 +775,16 @@ stdenv.mkDerivation {
   absolute at parse time relative to the directory of the Nix
   expression that contained it.  For instance, if a Nix expression in
   <filename>/foo/bar/bla.nix</filename> refers to
-  <filename>../xyzzy/fnord.nix</filename>, the absolutised path is
+  <filename>../xyzzy/fnord.nix</filename>, the absolute path is
   <filename>/foo/xyzzy/fnord.nix</filename>.</para></listitem>
 
   <listitem><para><emphasis>Booleans</emphasis> with values
   <literal>true</literal> and
   <literal>false</literal>.</para></listitem>
 
+  <listitem><para>The null value, denoted as
+  <literal>null</literal>.</para></listitem>
+
 </itemizedlist>
 
 </para>
@@ -805,20 +808,21 @@ to be enclosed in parentheses.  If they had been omitted, e.g.,
 [ 123 ./foo.nix "abc" f { x = y; } ]</programlisting>
 
 the result would be a list of five elements, the fourth one being a
-function and the fifth being an attribute set.</para>
+function and the fifth being a set.</para>
 
 </simplesect>
 
 
-<simplesect><title>Attribute sets</title>
+<simplesect><title>Sets</title>
 
-<para>Attribute sets are really the core of the language, since
-ultimately it's all about creating derivations, which are really just
+<para>Sets are really the core of the language, since ultimately the
+Nix language is all about creating derivations, which are really just
 sets of attributes to be passed to build scripts.</para>
 
-<para>Attribute sets are just a list of name/value pairs enclosed in
-curly brackets, where each value is an arbitrary expression terminated
-by a semicolon.  For example:
+<para>Sets are just a list of name/value pairs (called
+<emphasis>attributes</emphasis>) enclosed in curly brackets, where
+each value is an arbitrary expression terminated by a semicolon.  For
+example:
 
 <programlisting>
 { x = 123;
@@ -826,12 +830,12 @@ by a semicolon.  For example:
   y = f { bla = 456; };
 }</programlisting>
 
-This defines an attribute set with attributes named
-<varname>x</varname>, <varname>test</varname>, <varname>y</varname>.
-The order of the attributes is irrelevant.  An attribute name may only
-occur once.</para>
+This defines a set with attributes named <varname>x</varname>,
+<varname>text</varname>, <varname>y</varname>.  The order of the
+attributes is irrelevant.  An attribute name may only occur
+once.</para>
 
-<para>Attributes can be selected from an attribute set using the
+<para>Attributes can be selected from a set using the
 <literal>.</literal> operator.  For instance,
 
 <programlisting>
@@ -847,13 +851,37 @@ default value in an attribute selection using the
 will evaluate to <literal>"Xyzzy"</literal> because there is no
 <varname>c</varname> attribute in the set.</para>
 
-<para>You can use arbitrary string constants as attribute names by
-enclosing them in quotes:
+<para>You can use arbitrary double-quoted strings as attribute
+names:
 
 <programlisting>
-{ "foo bar" = 123; "nix-1.0" = 456; }."foo bar" </programlisting>
+{ "foo ${bar}" = 123; "nix-1.0" = 456; }."foo ${bar}"
+</programlisting>
+
+This will evaluate to <literal>123</literal> (Assuming
+<literal>bar</literal> is antiquotable). In the case where an
+attribute name is just a single antiquotation, the quotes can be
+dropped:
+
+<programlisting>
+{ foo = 123; }.${bar} or 456 </programlisting>
+
+This will evaluate to <literal>123</literal> if
+<literal>bar</literal> evaluates to <literal>"foo"</literal> when
+coerced to a string and <literal>456</literal> otherwise (again
+assuming <literal>bar</literal> is antiquotable).</para>
+
+<para>In the special case where an attribute name inside of a set declaration
+evaluates to <literal>null</literal> (which is normally an error, as
+<literal>null</literal> is not antiquotable), that attribute is simply not
+added to the set:
+
+<programlisting>
+{ ${if foo then "bar" else null} = true; }</programlisting>
+
+This will evaluate to <literal>{}</literal> if <literal>foo</literal>
+evaluates to <literal>false</literal>.</para>
 
-This will evaluate to <literal>123</literal>.</para>
 
 </simplesect>
 
@@ -864,10 +892,10 @@ This will evaluate to <literal>123</literal>.</para>
 <section><title>Language constructs</title>
 
 
-<simplesect><title>Recursive attribute sets</title>
+<simplesect><title>Recursive sets</title>
 
-<para>Recursive attribute sets are just normal attribute sets, but the
-attributes can refer to each other.  For example,
+<para>Recursive sets are just normal sets, but the attributes can
+refer to each other.  For example,
 
 <programlisting>
 rec {
@@ -880,11 +908,11 @@ evaluates to <literal>123</literal>.  Note that without
 <literal>rec</literal> the binding <literal>x = y;</literal> would
 refer to the variable <varname>y</varname> in the surrounding scope,
 if one exists, and would be invalid if no such variable exists.  That
-is, in a normal (non-recursive) attribute set, attributes are not
-added to the lexical scope; in a recursive set, they are.</para>
+is, in a normal (non-recursive) set, attributes are not added to the
+lexical scope; in a recursive set, they are.</para>
 
-<para>Recursive attribute sets of course introduce the danger of
-infinite recursion.  For example,
+<para>Recursive sets of course introduce the danger of infinite
+recursion.  For example,
 
 <programlisting>
 rec {
@@ -901,8 +929,8 @@ encountered</quote>).</para></footnote>.</para>
 
 <simplesect><title>Let-expressions</title>
 
-<para>A let-expression allows you define local
-variables for an expression.  For instance,
+<para>A let-expression allows you define local variables for an
+expression.  For instance,
 
 <programlisting>
 let
@@ -914,20 +942,14 @@ evaluates to <literal>"foobar"</literal>.
 
 </para>
 
-<note><para>There is also an obsolete form of let-expression,
-<literal>let { <replaceable>attrs</replaceable> }</literal>, which is
-translated to <literal>rec { <replaceable>attrs</replaceable>
-}.body</literal>.  That is, the body of the let-expression is the
-<literal>body</literal> attribute of the attribute set.</para></note>
-
 </simplesect>
 
 
 <simplesect><title>Inheriting attributes</title>
 
-<para>When defining an attribute set it is often convenient to copy
-variables from the surrounding lexical scope (e.g., when you want to
-propagate attributes).  This can be shortened using the
+<para>When defining a set it is often convenient to copy variables
+from the surrounding lexical scope (e.g., when you want to propagate
+attributes).  This can be shortened using the
 <literal>inherit</literal> keyword.  For instance,
 
 <programlisting>
@@ -936,10 +958,10 @@ let x = 123; in
   y = 456;
 }</programlisting>
 
-evaluates to <literal>{ x = 123; y = 456; }</literal>.  (Note that this
-works because <varname>x</varname> is added to the lexical scope by
-the <literal>let</literal> construct.)  It is also possible to inherit
-attributes from another attribute set.  For instance, in this fragment
+evaluates to <literal>{ x = 123; y = 456; }</literal>.  (Note that
+this works because <varname>x</varname> is added to the lexical scope
+by the <literal>let</literal> construct.)  It is also possible to
+inherit attributes from another set.  For instance, in this fragment
 from <filename>all-packages.nix</filename>,
 
 <programlisting>
@@ -958,13 +980,12 @@ from <filename>all-packages.nix</filename>,
   libjpg = ...;
   ...</programlisting>
 
-the attribute set used in the function call to the function defined in
+the set used in the function call to the function defined in
 <filename>../tools/graphics/graphviz</filename> inherits a number of
 variables from the surrounding scope (<varname>fetchurl</varname>
 ... <varname>yacc</varname>), but also inherits
 <varname>libXaw</varname> (the X Athena Widgets) from the
-<varname>xlibs</varname> (X11 client-side libraries) attribute
-set.</para>
+<varname>xlibs</varname> (X11 client-side libraries) set.</para>
 
 </simplesect>
 
@@ -1003,11 +1024,11 @@ map (concat "foo") [ "bar" "bla" "abc" ]</programlisting>
   "fooabc" ]</literal>.</para></listitem>
 
 
-  <listitem><para>An <emphasis>attribute set pattern</emphasis> of the
-  form <literal>{ name1, name2, …, nameN }</literal>
-  matches an attribute set containing the listed attributes, and binds
-  the values of those attributes to variables in the function body.
-  For example, the function
+  <listitem><para>A <emphasis>set pattern</emphasis> of the form
+  <literal>{ name1, name2, …, nameN }</literal> matches a set
+  containing the listed attributes, and binds the values of those
+  attributes to variables in the function body.  For example, the
+  function
 
 <programlisting>
 { x, y, z }: z + y + x</programlisting>
@@ -1174,9 +1195,8 @@ used in the Nix expression for Subversion.</para>
 <programlisting>
 with <replaceable>e1</replaceable>; <replaceable>e2</replaceable></programlisting>
 
-introduces the attribute set <replaceable>e1</replaceable> into the
-lexical scope of the expression <replaceable>e2</replaceable>.  For
-instance,
+introduces the set <replaceable>e1</replaceable> into the lexical
+scope of the expression <replaceable>e2</replaceable>.  For instance,
 
 <programlisting>
 let as = { x = "foo"; y = "bar"; };
@@ -1235,7 +1255,7 @@ weakest binding).</para>
         </entry>
         <entry>none</entry>
         <entry>Select attribute denoted by the attribute path
-        <replaceable>attrpath</replaceable> from attribute set
+        <replaceable>attrpath</replaceable> from set
         <replaceable>e</replaceable>.  (An attribute path is a
         dot-separated list of attribute names.)  If the attribute
         doesn’t exist, return <replaceable>def</replaceable> if
@@ -1251,8 +1271,8 @@ weakest binding).</para>
         <entry><replaceable>e</replaceable> <literal>?</literal>
         <replaceable>attrpath</replaceable></entry>
         <entry>none</entry>
-        <entry>Test whether attribute set <replaceable>e</replaceable>
-        contains the attribute denoted by <replaceable>attrpath</replaceable>;
+        <entry>Test whether set <replaceable>e</replaceable> contains
+        the attribute denoted by <replaceable>attrpath</replaceable>;
         return <literal>true</literal> or
         <literal>false</literal>.</entry>
       </row>
@@ -1275,10 +1295,11 @@ weakest binding).</para>
         <entry><replaceable>e1</replaceable> <literal>//</literal>
         <replaceable>e2</replaceable></entry>
         <entry>right</entry>
-        <entry>Return an attribute set consisting of the attributes in
+        <entry>Return a set consisting of the attributes in
         <replaceable>e1</replaceable> and
         <replaceable>e2</replaceable> (with the latter taking
-        precedence over the former in case of equally named attributes).</entry>
+        precedence over the former in case of equally named
+        attributes).</entry>
       </row>
       <row>
         <entry><replaceable>e1</replaceable> <literal>==</literal>
@@ -1322,9 +1343,9 @@ weakest binding).</para>
 <section xml:id="ssec-derivation"><title>Derivations</title>
 
 <para>The most important built-in function is
-<function>derivation</function>, which is used to describe a
-single derivation (a build action).  It takes as input an attribute
-set, the attributes of which specify the inputs of the build.</para>
+<function>derivation</function>, which is used to describe a single
+derivation (a build action).  It takes as input a set, the attributes
+of which specify the inputs of the build.</para>
 
 <itemizedlist>
 
@@ -1743,12 +1764,15 @@ impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
   <varlistentry><term><varname>preferLocalBuild</varname></term>
 
     <listitem><para>If this attribute is set to
-    <literal>true</literal> and <link
+    <literal>true</literal>, it has two effects.  First, the
+    derivation will always be built, not substituted, even if a
+    substitute is available.  Second, if <link
     linkend="chap-distributed-builds">distributed building is
-    enabled</link>, then, if possible, perform this build locally
-    instead of forwarding it to a remote machine.  This is appropriate
-    for trivial builders where the cost of doing a remote build would
-    exceed the cost of building locally.</para></listitem>
+    enabled</link>, then, if possible, the derivaton will be built
+    locally instead of forwarded to a remote machine.  This is
+    appropriate for trivial builders where the cost of doing a
+    download or remote build would exceed the cost of building
+    locally.</para></listitem>
 
   </varlistentry>
 

local.mk

@@ -0,0 +1,11 @@
+ifeq ($(MAKECMDGOALS), dist)
+  dist-files += $(shell git ls-files) $(shell git ls-files)
+endif
+
+dist-files += configure config.h.in nix.spec
+
+GLOBAL_CXXFLAGS += -I . -I src -I src/libutil -I src/libstore -I src/libmain -I src/libexpr
+
+$(foreach i, config.h $(call rwildcard, src/lib*, *.hh), $(eval $(call install-file-in, $(i), $(includedir)/nix, 0644)))
+
+$(foreach i, config.h $(call rwildcard, src/boost, *.hpp), $(eval $(call install-file-in, $(i), $(includedir)/nix/$(patsubst src/%/,%,$(dir $(i))), 0644)))

misc/Makefile.am

@@ -1 +0,0 @@
-SUBDIRS = emacs

misc/emacs/Makefile.am

@@ -1,5 +0,0 @@
-EXTRA_DIST = nix-mode.el
-
-install-data-local:
-	$(INSTALL) -d $(DESTDIR)$(datadir)/emacs/site-lisp
-	$(INSTALL_DATA) $(srcdir)/nix-mode.el $(DESTDIR)$(datadir)/emacs/site-lisp

misc/emacs/local.mk

@@ -0,0 +1 @@
+$(eval $(call install-data-in,$(d)/nix-mode.el,$(datadir)/emacs/site-lisp))

misc/systemd/local.mk

@@ -0,0 +1 @@
+$(foreach n, nix-daemon.socket nix-daemon.service, $(eval $(call install-file-in, $(d)/$(n), $(prefix)/lib/systemd/system, 0644)))

misc/systemd/nix-daemon.service

@@ -1,10 +0,0 @@
-[Unit]
-Description=Helper daemon for managing secure, multi-user Nix stores
-After=syslog.target
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/nix-daemon
-
-[Install]
-WantedBy=multi-user.target

misc/systemd/nix-daemon.service.in

@@ -0,0 +1,9 @@
+[Unit]
+Description=Nix Daemon
+RequiresMountsFor=@storedir@
+RequiresMountsFor=@localstatedir@
+ConditionPathIsReadWrite=@localstatedir@/nix/daemon-socket
+
+[Service]
+ExecStart=@@bindir@/nix-daemon nix-daemon --daemon
+KillMode=process

misc/systemd/nix-daemon.socket.in

@@ -0,0 +1,11 @@
+[Unit]
+Description=Nix Daemon Socket
+Before=multi-user.target
+RequiresMountsFor=@storedir@
+ConditionPathIsReadWrite=@localstatedir@/nix/daemon-socket
+
+[Socket]
+ListenStream=@localstatedir@/nix/daemon-socket/socket
+
+[Install]
+WantedBy=sockets.target

mk/README.md

@@ -0,0 +1,6 @@
+This is a set of helper Makefiles for doing non-recursive builds with
+GNU Make.  The canonical source can be found at
+https://github.com/edolstra/make-rules.  You should copy the files
+into the `mk` subdirectory of your project.
+
+TODO: write more documentation.

mk/clean.mk

@@ -0,0 +1,11 @@
+clean-files :=
+
+clean:
+	$(suppress) rm -fv -- $(clean-files)
+
+dryclean:
+	@for i in $(clean-files); do if [ -e $$i ]; then echo $$i; fi; done | sort
+
+print-top-help += \
+  echo "  clean: Delete generated files"; \
+  echo "  dryclean: Show what files would be deleted by 'make clean'";

mk/dist.mk

@@ -0,0 +1,17 @@
+ifdef PACKAGE_NAME
+
+dist-name = $(PACKAGE_NAME)-$(PACKAGE_VERSION)
+
+dist: $(dist-name).tar.bz2 $(dist-name).tar.xz
+
+$(dist-name).tar.bz2: $(dist-files)
+	$(trace-gen) tar cfj $@ $(sort $(dist-files)) --transform 's,^,$(dist-name)/,'
+
+$(dist-name).tar.xz: $(dist-files)
+	$(trace-gen) tar cfJ $@ $(sort $(dist-files)) --transform 's,^,$(dist-name)/,'
+
+clean-files += $(dist-name).tar.bz2 $(dist-name).tar.xz
+
+print-top-help += echo "  dist: Generate a source distribution";
+
+endif

mk/functions.mk

@@ -0,0 +1,14 @@
+# Utility function for recursively finding files, e.g.
+# ‘$(call rwildcard, path/to/dir, *.c *.h)’.
+rwildcard=$(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2) $(filter $(subst *,%,$2),$d))
+
+# Given a file name, produce the corresponding dependency file
+# (e.g. ‘foo/bar.o’ becomes ‘foo/.bar.o.dep’).
+filename-to-dep = $(dir $1).$(notdir $1).dep
+
+# Return the full path to a program by looking it up in $PATH, or the
+# empty string if not found.
+find-program = $(shell for i in $$(IFS=: ; echo $$PATH); do p=$$i/$(strip $1); if [ -e $$p ]; then echo $$p; break; fi; done)
+
+# Remove trailing slash.
+add-trailing-slash = $(patsubst %/,%,$(1))/

mk/install.mk

@@ -0,0 +1,62 @@
+# Add a rule for creating $(1) as a directory.  This template may be
+# called multiple times for the same directory.
+define create-dir
+   _i := $$(call add-trailing-slash, $(DESTDIR)$$(strip $(1)))
+  ifndef $$(_i)_SEEN
+    $$(_i)_SEEN = 1
+    $$(_i):
+	$$(trace-mkdir) install -d "$$@"
+  endif
+endef
+
+
+# Add a rule for installing file $(1) as file $(2) with mode $(3).
+# The directory containing $(2) will be created automatically.
+define install-file-as
+
+  _i := $(DESTDIR)$$(strip $(2))
+
+  install: $$(_i)
+
+  $$(_i): $(1) | $$(dir $$(_i))
+	$$(trace-install) install -m $(3) $(1) "$$@"
+
+  $$(eval $$(call create-dir, $$(dir $(2))))
+
+endef
+
+
+# Add a rule for installing file $(1) in directory $(2) with mode
+# $(3).  The directory will be created automatically.
+define install-file-in
+  $$(eval $$(call install-file-as,$(1),$(2)/$$(notdir $(1)),$(3)))
+endef
+
+
+define install-program-in
+  $$(eval $$(call install-file-in,$(1),$(2),0755))
+endef
+
+
+define install-data-in
+  $$(eval $$(call install-file-in,$(1),$(2),0644))
+endef
+
+
+# Install a symlink from $(2) to $(1).  Note that $(1) need not exist.
+define install-symlink
+
+  _i := $(DESTDIR)$$(strip $(2))
+
+  install: $$(_i)
+
+  $$(_i): | $$(dir $$(_i))
+	$$(trace-install) ln -sfn $(1) "$$@"
+
+  $$(eval $$(call create-dir, $$(dir $(2))))
+
+endef
+
+
+print-top-help += \
+  echo "  install: Install into \$$(prefix) (currently set to '$(prefix)')";

mk/jars.mk

@@ -0,0 +1,29 @@
+define build-jar
+  $(1)_NAME ?= $(1)
+
+  _d := $$(strip $$($(1)_DIR))
+
+  $(1)_PATH := $$(_d)/$$($(1)_NAME).jar
+
+  $(1)_TMPDIR := $$(_d)/.$$($(1)_NAME).jar.tmp
+
+  $$($(1)_PATH): $$($(1)_SOURCES)
+	@rm -rf $$($(1)_TMPDIR)
+	@mkdir -p $$($(1)_TMPDIR)
+	$$(trace-javac) javac $(GLOBAL_JAVACFLAGS) $$($(1)_JAVACFLAGS) -d $$($(1)_TMPDIR) $$($(1)_SOURCES)
+	$$(trace-jar) jar cf $$($(1)_PATH) -C $$($(1)_TMPDIR) .
+	@rm -rf $$($(1)_TMPDIR)
+
+  $(1)_INSTALL_DIR ?= $$(libdir)/java
+
+  $(1)_INSTALL_PATH := $$($(1)_INSTALL_DIR)/$$($(1)_NAME).jar
+
+  $$(eval $$(call install-file-as, $$($(1)_PATH), $$($(1)_INSTALL_PATH), 0644))
+
+  install: $$($(1)_INSTALL_PATH)
+
+  jars-list += $$($(1)_PATH)
+
+  clean-files += $$($(1)_PATH)
+
+endef

mk/lib.mk

@@ -0,0 +1,131 @@
+default: all
+
+
+# Get rid of default suffixes. FIXME: is this a good idea?
+.SUFFIXES:
+
+
+# Initialise some variables.
+bin-scripts :=
+noinst-scripts :=
+man-pages :=
+install-tests :=
+dist-files :=
+OS = $(shell uname -s)
+
+
+# Default installation paths.
+prefix ?= /usr/local
+libdir ?= $(prefix)/lib
+bindir ?= $(prefix)/bin
+libexecdir ?= $(prefix)/libexec
+datadir ?= $(prefix)/share
+localstatedir ?= $(prefix)/var
+sysconfdir ?= $(prefix)/etc
+mandir ?= $(prefix)/share/man
+
+
+# Pass -fPIC if we're building dynamic libraries.
+BUILD_SHARED_LIBS ?= 1
+
+ifeq ($(BUILD_SHARED_LIBS), 1)
+  GLOBAL_CFLAGS += -fPIC
+  GLOBAL_CXXFLAGS += -fPIC
+  ifneq ($(OS), Darwin)
+   ifneq ($(OS), SunOS)
+    GLOBAL_LDFLAGS += -Wl,--no-copy-dt-needed-entries
+   endif
+  endif
+  SET_RPATH_TO_LIBS ?= 1
+endif
+
+
+# Pass -g if we want debug info.
+BUILD_DEBUG ?= 1
+
+ifeq ($(BUILD_DEBUG), 1)
+  GLOBAL_CFLAGS += -g
+  GLOBAL_CXXFLAGS += -g
+  GLOBAL_JAVACFLAGS += -g
+endif
+
+
+include mk/functions.mk
+include mk/tracing.mk
+include mk/clean.mk
+include mk/install.mk
+include mk/libraries.mk
+include mk/programs.mk
+include mk/jars.mk
+include mk/patterns.mk
+include mk/templates.mk
+include mk/tests.mk
+
+
+# Include all sub-Makefiles.
+define include-sub-makefile
+  d := $$(patsubst %/,%,$$(dir $(1)))
+  include $(1)
+endef
+
+$(foreach mf, $(makefiles), $(eval $(call include-sub-makefile, $(mf))))
+
+
+# Instantiate stuff.
+$(foreach lib, $(libraries), $(eval $(call build-library,$(lib))))
+$(foreach prog, $(programs), $(eval $(call build-program,$(prog))))
+$(foreach jar, $(jars), $(eval $(call build-jar,$(jar))))
+$(foreach script, $(bin-scripts), $(eval $(call install-program-in,$(script),$(bindir))))
+$(foreach script, $(bin-scripts), $(eval programs-list += $(script)))
+$(foreach script, $(noinst-scripts), $(eval programs-list += $(script)))
+$(foreach template, $(template-files), $(eval $(call instantiate-template,$(template))))
+$(foreach test, $(install-tests), $(eval $(call run-install-test,$(test))))
+$(foreach file, $(man-pages), $(eval $(call install-data-in, $(file), $(mandir)/man$(patsubst .%,%,$(suffix $(file))))))
+
+
+include mk/dist.mk
+
+
+.PHONY: default all man help
+
+all: $(programs-list) $(libs-list) $(jars-list) $(man-pages)
+
+man: $(man-pages)
+
+
+help:
+	@echo "The following targets are available:"
+	@echo ""
+	@echo "  default: Build default targets"
+ifdef man-pages
+	@echo "  man: Generate manual pages"
+endif
+	@$(print-top-help)
+ifdef programs-list
+	@echo ""
+	@echo "The following programs can be built:"
+	@echo ""
+	@for i in $(programs-list); do echo "  $$i"; done
+endif
+ifdef libs-list
+	@echo ""
+	@echo "The following libraries can be built:"
+	@echo ""
+	@for i in $(libs-list); do echo "  $$i"; done
+endif
+ifdef jars-list
+	@echo ""
+	@echo "The following JARs can be built:"
+	@echo ""
+	@for i in $(jars-list); do echo "  $$i"; done
+endif
+	@echo ""
+	@echo "The following variables control the build:"
+	@echo ""
+	@echo "  BUILD_SHARED_LIBS ($(BUILD_SHARED_LIBS)): Whether to build shared libraries"
+	@echo "  BUILD_DEBUG ($(BUILD_DEBUG)): Whether to include debug symbols"
+	@echo "  CC ($(CC)): C compiler to be used"
+	@echo "  CFLAGS: Flags for the C compiler"
+	@echo "  CXX ($(CXX)): C++ compiler to be used"
+	@echo "  CXXFLAGS: Flags for the C++ compiler"
+	@$(print-var-help)

mk/libraries.mk

@@ -0,0 +1,128 @@
+libs-list :=
+
+ifeq ($(OS), Darwin)
+  SO_EXT = dylib
+else
+  SO_EXT = so
+endif
+
+# Build a library with symbolic name $(1).  The library is defined by
+# various variables prefixed by ‘$(1)_’:
+#
+# - $(1)_NAME: the name of the library (e.g. ‘libfoo’); defaults to
+#   $(1).
+#
+# - $(1)_DIR: the directory where the (non-installed) library will be
+#   placed.
+#
+# - $(1)_SOURCES: the source files of the library.
+#
+# - $(1)_CFLAGS: additional C compiler flags.
+#
+# - $(1)_CXXFLAGS: additional C++ compiler flags.
+#
+# - $(1)_LIBS: the symbolic names of other libraries on which this
+#   library depends.
+#
+# - $(1)_ALLOW_UNDEFINED: if set, the library is allowed to have
+#   undefined symbols.  Has no effect for static libraries.
+#
+# - $(1)_LDFLAGS: additional linker flags.
+#
+# - $(1)_LDFLAGS_PROPAGATED: additional linker flags, also propagated
+#   to the linking of programs/libraries that use this library.
+#
+# - $(1)_FORCE_INSTALL: if defined, the library will be installed even
+#   if it's not needed (i.e. dynamically linked) by a program.
+#
+# - $(1)_INSTALL_DIR: the directory where the library will be
+#   installed.  Defaults to $(libdir).
+#
+# - BUILD_SHARED_LIBS: if equal to ‘1’, a dynamic library will be
+#   built, otherwise a static library.
+define build-library
+  $(1)_NAME ?= $(1)
+  _d := $$(strip $$($(1)_DIR))
+  _srcs := $$(sort $$(foreach src, $$($(1)_SOURCES), $$(src)))
+  $(1)_OBJS := $$(addsuffix .o, $$(basename $$(_srcs)))
+  _libs := $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_PATH))
+
+  $(1)_INSTALL_DIR ?= $$(libdir)
+
+  $(1)_LDFLAGS_USE :=
+  $(1)_LDFLAGS_USE_INSTALLED :=
+
+  $$(eval $$(call create-dir, $$(_d)))
+
+  ifeq ($(BUILD_SHARED_LIBS), 1)
+
+    ifdef $(1)_ALLOW_UNDEFINED
+      ifeq ($(OS), Darwin)
+        $(1)_LDFLAGS += -undefined suppress -flat_namespace
+      endif
+    else
+      ifneq ($(OS), Darwin)
+        $(1)_LDFLAGS += -Wl,-z,defs
+      endif
+    endif
+
+    ifneq ($(OS), Darwin)
+      $(1)_LDFLAGS += -Wl,-soname=$$($(1)_NAME).$(SO_EXT)
+    endif
+
+    $(1)_PATH := $$(_d)/$$($(1)_NAME).$(SO_EXT)
+
+    $$($(1)_PATH): $$($(1)_OBJS) $$(_libs) | $$(_d)/
+	$$(trace-ld) $(CXX) -o $$@ -shared $$(GLOBAL_LDFLAGS) $$($(1)_OBJS) $$($(1)_LDFLAGS) $$($(1)_LDFLAGS_PROPAGATED) $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_LDFLAGS_USE))
+
+    $(1)_LDFLAGS_USE += -L$$(_d) -Wl,-rpath,$$(abspath $$(_d)) -l$$(patsubst lib%,%,$$(strip $$($(1)_NAME)))
+
+    $(1)_INSTALL_PATH := $(DESTDIR)$$($(1)_INSTALL_DIR)/$$($(1)_NAME).$(SO_EXT)
+
+    _libs_final := $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_INSTALL_PATH))
+
+    $$(eval $$(call create-dir, $$($(1)_INSTALL_DIR)))
+
+    $$($(1)_INSTALL_PATH): $$($(1)_OBJS) $$(_libs_final) | $(DESTDIR)$$($(1)_INSTALL_DIR)/
+	$$(trace-ld) $(CXX) -o $$@ -shared $$(GLOBAL_LDFLAGS) $$($(1)_OBJS) $$($(1)_LDFLAGS) $$($(1)_LDFLAGS_PROPAGATED) $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_LDFLAGS_USE_INSTALLED))
+
+    $(1)_LDFLAGS_USE_INSTALLED += -L$$(DESTDIR)$$($(1)_INSTALL_DIR) -l$$(patsubst lib%,%,$$(strip $$($(1)_NAME)))
+    ifeq ($(SET_RPATH_TO_LIBS), 1)
+      $(1)_LDFLAGS_USE_INSTALLED += -Wl,-rpath,$$($(1)_INSTALL_DIR)
+    endif
+
+    ifdef $(1)_FORCE_INSTALL
+      install: $$($(1)_INSTALL_PATH)
+    endif
+
+  else
+
+    $(1)_PATH := $$(_d)/$$($(1)_NAME).a
+
+    $$($(1)_PATH): $$($(1)_OBJS) | $$(_d)/
+	$(trace-ar) ar crs $$@ $$?
+
+    $(1)_LDFLAGS_USE += $$($(1)_PATH) $$($(1)_LDFLAGS)
+
+    $(1)_INSTALL_PATH := $$(libdir)/$$($(1)_NAME).a
+
+  endif
+
+  $(1)_LDFLAGS_USE += $$($(1)_LDFLAGS_PROPAGATED)
+  $(1)_LDFLAGS_USE_INSTALLED += $$($(1)_LDFLAGS_PROPAGATED)
+
+  # Propagate CFLAGS and CXXFLAGS to the individual object files.
+  $$(foreach obj, $$($(1)_OBJS), $$(eval $$(obj)_CFLAGS=$$($(1)_CFLAGS)))
+  $$(foreach obj, $$($(1)_OBJS), $$(eval $$(obj)_CXXFLAGS=$$($(1)_CXXFLAGS)))
+
+  # Make each object file depend on the common dependencies.
+  $$(foreach obj, $$($(1)_OBJS), $$(eval $$(obj): $$($(1)_COMMON_DEPS) $$(GLOBAL_COMMON_DEPS)))
+
+  # Include .dep files, if they exist.
+  $(1)_DEPS := $$(foreach fn, $$($(1)_OBJS), $$(call filename-to-dep, $$(fn)))
+  -include $$($(1)_DEPS)
+
+  libs-list += $$($(1)_PATH)
+  clean-files += $$(_d)/*.a $$(_d)/*.$(SO_EXT) $$(_d)/*.o $$(_d)/.*.dep $$($(1)_DEPS) $$($(1)_OBJS)
+  dist-files += $$(_srcs)
+endef

mk/patterns.mk

@@ -0,0 +1,8 @@
+%.o: %.cc
+	$(trace-cxx) $(CXX) -o $@ -c $< $(GLOBAL_CXXFLAGS) $(GLOBAL_CXXFLAGS_PCH) $(CXXFLAGS) $($@_CXXFLAGS) -MMD -MF $(call filename-to-dep, $@) -MP
+
+%.o: %.cpp
+	$(trace-cxx) $(CXX) -o $@ -c $< $(GLOBAL_CXXFLAGS) $(GLOBAL_CXXFLAGS_PCH) $(CXXFLAGS) $($@_CXXFLAGS) -MMD -MF $(call filename-to-dep, $@) -MP
+
+%.o: %.c
+	$(trace-cc) $(CC) -o $@ -c $< $(GLOBAL_CFLAGS) $(CFLAGS) $($@_CFLAGS) -MMD -MF $(call filename-to-dep, $@) -MP

mk/programs.mk

@@ -0,0 +1,69 @@
+programs-list :=
+
+# Build a program with symbolic name $(1).  The program is defined by
+# various variables prefixed by ‘$(1)_’:
+#
+# - $(1)_DIR: the directory where the (non-installed) program will be
+#   placed.
+#
+# - $(1)_SOURCES: the source files of the program.
+#
+# - $(1)_CFLAGS: additional C compiler flags.
+#
+# - $(1)_CXXFLAGS: additional C++ compiler flags.
+#
+# - $(1)_LIBS: the symbolic names of libraries on which this program
+#   depends.
+#
+# - $(1)_LDFLAGS: additional linker flags.
+#
+# - $(1)_INSTALL_DIR: the directory where the program will be
+#   installed; defaults to $(bindir).
+define build-program
+  _d := $$($(1)_DIR)
+  _srcs := $$(sort $$(foreach src, $$($(1)_SOURCES), $$(src)))
+  $(1)_OBJS := $$(addsuffix .o, $$(basename $$(_srcs)))
+  _libs := $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_PATH))
+  $(1)_PATH := $$(_d)/$(1)
+
+  $$(eval $$(call create-dir, $$(_d)))
+
+  $$($(1)_PATH): $$($(1)_OBJS) $$(_libs) | $$(_d)/
+	$$(trace-ld) $(CXX) -o $$@ $$(GLOBAL_LDFLAGS) $$($(1)_OBJS) $$($(1)_LDFLAGS) $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_LDFLAGS_USE))
+
+  $(1)_INSTALL_DIR ?= $$(bindir)
+  $(1)_INSTALL_PATH := $$($(1)_INSTALL_DIR)/$(1)
+
+  $$(eval $$(call create-dir, $$($(1)_INSTALL_DIR)))
+
+  install: $(DESTDIR)$$($(1)_INSTALL_PATH)
+
+  ifeq ($(BUILD_SHARED_LIBS), 1)
+
+    _libs_final := $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_INSTALL_PATH))
+
+    $(DESTDIR)$$($(1)_INSTALL_PATH): $$($(1)_OBJS) $$(_libs_final) | $(DESTDIR)$$($(1)_INSTALL_DIR)/
+	$$(trace-ld) $(CXX) -o $$@ $$(GLOBAL_LDFLAGS) $$($(1)_OBJS) $$($(1)_LDFLAGS) $$(foreach lib, $$($(1)_LIBS), $$($$(lib)_LDFLAGS_USE_INSTALLED))
+
+  else
+
+    $(DESTDIR)$$($(1)_INSTALL_PATH): $$($(1)_PATH) | $(DESTDIR)$$($(1)_INSTALL_DIR)/
+	install -t $$($(1)_INSTALL_DIR) $$<
+
+  endif
+
+  # Propagate CFLAGS and CXXFLAGS to the individual object files.
+  $$(foreach obj, $$($(1)_OBJS), $$(eval $$(obj)_CFLAGS=$$($(1)_CFLAGS)))
+  $$(foreach obj, $$($(1)_OBJS), $$(eval $$(obj)_CXXFLAGS=$$($(1)_CXXFLAGS)))
+
+  # Make each object file depend on the common dependencies.
+  $$(foreach obj, $$($(1)_OBJS), $$(eval $$(obj): $$($(1)_COMMON_DEPS) $$(GLOBAL_COMMON_DEPS)))
+
+  # Include .dep files, if they exist.
+  $(1)_DEPS := $$(foreach fn, $$($(1)_OBJS), $$(call filename-to-dep, $$(fn)))
+  -include $$($(1)_DEPS)
+
+  programs-list += $$($(1)_PATH)
+  clean-files += $$($(1)_PATH) $$(_d)/*.o $$(_d)/.*.dep $$($(1)_DEPS) $$($(1)_OBJS)
+  dist-files += $$(_srcs)
+endef

mk/templates.mk

@@ -0,0 +1,12 @@
+template-files :=
+
+# Create the file $(1) from $(1).in by running config.status (which
+# substitutes all ‘@var@’ variables set by the configure script).
+define instantiate-template
+
+  clean-files += $(1)
+
+endef
+
+%: %.in
+	$(trace-gen) ./config.status --quiet --file $@

mk/tests.mk

@@ -0,0 +1,26 @@
+# Run program $1 as part of ‘make installcheck’.
+define run-install-test
+
+  installcheck: $1
+
+  _installcheck-list += $1
+
+endef
+
+installcheck:
+	@total=0; failed=0; for i in $(_installcheck-list); do \
+	  total=$$((total + 1)); \
+	  echo "running test $$i"; \
+	  if (cd $$(dirname $$i) && $(tests-environment) $$(basename $$i)); then \
+	    echo "PASS: $$i"; \
+	  else \
+	    echo "FAIL: $$i"; \
+	    failed=$$((failed + 1)); \
+	  fi; \
+	done; \
+	if [ "$$failed" != 0 ]; then \
+	  echo "$$failed out of $$total tests failed "; \
+	  exit 1; \
+	fi
+
+.PHONY: check installcheck

mk/tracing.mk

@@ -0,0 +1,17 @@
+V ?= 0
+
+ifeq ($(V), 0)
+
+  trace-gen     = @echo "  GEN   " $@;
+  trace-cc      = @echo "  CC    " $@;
+  trace-cxx     = @echo "  CXX   " $@;
+  trace-ld      = @echo "  LD    " $@;
+  trace-ar      = @echo "  AR    " $@;
+  trace-install = @echo "  INST  " $@;
+  trace-javac   = @echo "  JAVAC " $@;
+  trace-jar     = @echo "  JAR   " $@;
+  trace-mkdir   = @echo "  MKDIR " $@;
+
+  suppress  = @
+
+endif

nix.spec.in

@@ -3,14 +3,14 @@
 
 Summary: The Nix software deployment system
 Name: nix
-Version: @version@
+Version: @PACKAGE_VERSION@
 Release: 2%{?dist}
 License: LGPLv2+
 %if 0%{?rhel}
 Group: Applications/System
 %endif
 URL: http://nixos.org/
-Source0: %{name}-%{version}.tar.gz
+Source0: %{name}-%{version}.tar.bz2
 %if 0%{?el5}
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 %endif
@@ -22,13 +22,14 @@ Requires: /usr/bin/perl
 Requires: curl
 Requires: perl-DBD-SQLite
 Requires: bzip2
+Requires: gzip
 Requires: xz
 BuildRequires: bzip2-devel
 BuildRequires: sqlite-devel
 
 # Hack to make that shitty RPM scanning hack shut up.
 Provides: perl(Nix::SSH)
-                                                               
+
 %description
 Nix is a purely functional package manager. It allows multiple
 versions of a package to be installed side-by-side, ensures that
@@ -116,19 +117,14 @@ make DESTDIR=$RPM_BUILD_ROOT install
 
 find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 
-# Fix symlink: we want to link to the versioned soname, not to the
-# unversioned one that'd be put in -devel
-pushd $RPM_BUILD_ROOT%{perl_vendorarch}/auto/Nix/Store
-ln -sf %{_libdir}/nix/libNixStore.so.0 Store.so
-popd
-
 # Specify build users group
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/nix
 echo "build-users-group = %{nixbld_group}" > $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
 
 # make per-user directories
 for d in profiles gcroots;
 do
-  mkdir $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
+  mkdir -p $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
   chmod 1777 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
 done
 
@@ -136,23 +132,11 @@ done
 # (until this is fixed in the relevant Makefile)
 chmod -x $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/nix.sh
 
-# systemd not available on RHEL yet
-%if ! 0%{?rhel} 
-# install systemd service descriptor
-mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/systemd/system
-cp -p misc/systemd/nix-daemon.service \
-  $RPM_BUILD_ROOT%{_prefix}/lib/systemd/system/
-%endif
-
 # Copy the byte-compiled mode file by hand
 cp -p misc/emacs/nix-mode.elc $RPM_BUILD_ROOT%{_emacs_sitelispdir}/
 
 # we ship this file in the base package
-rm $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-doc-%{version}/README
-
-
-%check
-make check
+rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-doc-%{version}/README
 
 
 %clean
@@ -174,19 +158,18 @@ chgrp %{nixbld_group} /nix/store
 chmod 1775 /nix/store
 %if ! 0%{?rhel}
 # Enable and start Nix worker
-systemctl enable nix-daemon.service
-systemctl start  nix-daemon.service
+systemctl enable nix-daemon.socket nix-daemon.service
+systemctl start  nix-daemon.socket
 %endif
 
 %files
-%doc COPYING AUTHORS README
 %{_bindir}/nix-*
-%dir %{_libdir}/nix
-%{_libdir}/nix/*.so.*
+%{_libdir}/*.so
 %{perl_vendorarch}/*
 %exclude %dir %{perl_vendorarch}/auto/
 %{_prefix}/libexec/*
 %if ! 0%{?rhel}
+%{_prefix}/lib/systemd/system/nix-daemon.socket
 %{_prefix}/lib/systemd/system/nix-daemon.service
 %endif
 %{_datadir}/emacs/site-lisp/nix-mode.el
@@ -201,7 +184,6 @@ systemctl start  nix-daemon.service
 
 %files devel
 %{_includedir}/nix
-%{_libdir}/nix/*.so
 
 %files doc
 %docdir %{_defaultdocdir}/%{name}-doc-%{version}

perl/Makefile.am

@@ -1,38 +0,0 @@
-PERL_MODULES = lib/Nix/Store.pm lib/Nix/Manifest.pm lib/Nix/GeneratePatches.pm lib/Nix/SSH.pm lib/Nix/CopyClosure.pm lib/Nix/Config.pm.in lib/Nix/Utils.pm
-
-all: $(PERL_MODULES:.in=)
-
-install-exec-local: $(PERL_MODULES:.in=) install-perl-xs
-	$(INSTALL) -d $(DESTDIR)$(perllibdir)/Nix
-	$(INSTALL_DATA) $(PERL_MODULES:.in=) $(DESTDIR)$(perllibdir)/Nix
-
-if PERL_BINDINGS
-install-perl-xs:
-	$(INSTALL) -d $(DESTDIR)$(perllibdir)/auto/Nix/Store
-	ln -sfn $(pkglibdir)/libNixStore$(dynlib_suffix) $(DESTDIR)$(perllibdir)/auto/Nix/Store/Store$(dynlib_suffix)
-
-# Awful hackery to get libtool to build Perl XS bindings.
-pkglib_LTLIBRARIES = libNixStore.la
-
-nodist_libNixStore_la_SOURCES = lib/Nix/Store.cc
-
-CLEANFILES = lib/Nix/Store.cc
-
-libNixStore_la_LIBADD = $(top_builddir)/src/libstore/libstore.la
-
-AM_CXXFLAGS = \
-  -I$(top_srcdir)/src -I$(top_srcdir)/src/libutil -I$(top_srcdir)/src/libstore \
-  -I$(shell $(perl) -e 'use Config; print $$Config{archlibexp};')/CORE \
-  -D_FILE_OFFSET_BITS=64
-
-lib/Nix/Store.cc: lib/Nix/Store.xs
-	$(INSTALL) -d lib/Nix
-	xsubpp $^ -output $@
-
-else
-install-perl-xs:
-endif
-
-EXTRA_DIST = $(PERL_MODULES) lib/Nix/Store.xs
-
-include ../substitute.mk

perl/lib/Nix/Config.pm.in

@@ -1,6 +1,6 @@
 package Nix::Config;
 
-$version = "@version@";
+$version = "@PACKAGE_VERSION@";
 
 $binDir = $ENV{"NIX_BIN_DIR"} || "@bindir@";
 $libexecDir = $ENV{"NIX_LIBEXEC_DIR"} || "@libexecdir@";
@@ -13,6 +13,7 @@ $storeDir = $ENV{"NIX_STORE_DIR"} || "@storedir@";
 $bzip2 = "@bzip2@";
 $xz = "@xz@";
 $curl = "@curl@";
+$openssl = "@openssl@";
 
 $useBindings = "@perlbindings@" eq "yes";
 
@@ -32,7 +33,7 @@ sub readConfig {
 
     open CONFIG, "<$config" or die "cannot open `$config'";
     while (<CONFIG>) {
-        /^\s*([\w|-]+)\s*=\s*(.*)$/ or next;
+        /^\s*([\w\-\.]+)\s*=\s*(.*)$/ or next;
         $config{$1} = $2;
     }
     close CONFIG;

perl/lib/Nix/CopyClosure.pm

@@ -3,16 +3,13 @@ package Nix::CopyClosure;
 use strict;
 use Nix::Config;
 use Nix::Store;
+use List::Util qw(sum);
 
 
 sub copyTo {
     my ($sshHost, $sshOpts, $storePaths, $compressor, $decompressor,
         $includeOutputs, $dryRun, $sign, $progressViewer, $useSubstitutes) = @_;
 
-    $compressor = "$compressor |" if $compressor ne "";
-    $decompressor = "$decompressor |" if $decompressor ne "";
-    $progressViewer = "$progressViewer |" if $progressViewer ne "";
-
     # Get the closure of this path.
     my @closure = reverse(topoSortPaths(computeFSClosure(0, $includeOutputs,
         map { followLinksToStorePath $_ } @{$storePaths})));
@@ -28,21 +25,28 @@ sub copyTo {
     # we'll want to use ‘--from-stdin’, but we can't rely on the
     # target having this option yet.
     my @missing = ();
+    my $missingSize = 0;
     while (scalar(@closure) > 0) {
         my @ps = splice(@closure, 0, 1500);
         open(READ, "set -f; ssh $sshHost @{$sshOpts} nix-store --check-validity --print-invalid @ps|");
         while (<READ>) {
             chomp;
             push @missing, $_;
+            my ($deriver, $narHash, $time, $narSize, $refs) = queryPathInfo($_, 1);
+            $missingSize += $narSize;
         }
         close READ or die;
     }
 
+    $compressor = "$compressor |" if $compressor ne "";
+    $decompressor = "$decompressor |" if $decompressor ne "";
+    $progressViewer = "$progressViewer -s $missingSize |" if $progressViewer ne "";
+
     # Export the store paths and import them on the remote machine.
     if (scalar @missing > 0) {
         print STDERR "copying ", scalar @missing, " missing paths to ‘$sshHost’...\n";
         unless ($dryRun) {
-            open SSH, "| $compressor $progressViewer ssh $sshHost @{$sshOpts} '$decompressor nix-store --import' > /dev/null" or die;
+            open SSH, "| $progressViewer $compressor ssh $sshHost @{$sshOpts} '$decompressor nix-store --import' > /dev/null" or die;
             exportPaths(fileno(SSH), $sign, @missing);
             close SSH or die "copying store paths to remote machine `$sshHost' failed: $?";
         }

perl/lib/Nix/Crypto.pm

@@ -0,0 +1,42 @@
+package Nix::Crypto;
+
+use strict;
+use MIME::Base64;
+use Nix::Store;
+use Nix::Config;
+use IPC::Open2;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw(signString isValidSignature);
+
+sub signString {
+    my ($privateKeyFile, $s) = @_;
+    my $hash = hashString("sha256", 0, $s);
+    my ($from, $to);
+    my $pid = open2($from, $to, $Nix::Config::openssl, "rsautl", "-sign", "-inkey", $privateKeyFile);
+    print $to $hash;
+    close $to;
+    local $/ = undef;
+    my $sig = <$from>;
+    close $from;
+    waitpid($pid, 0);
+    die "$0: OpenSSL returned exit code $? while signing hash\n" if $? != 0;
+    my $sig64 = encode_base64($sig, "");
+    return $sig64;
+}
+
+sub isValidSignature {
+    my ($publicKeyFile, $sig64, $s) = @_;
+    my ($from, $to);
+    my $pid = open2($from, $to, $Nix::Config::openssl, "rsautl", "-verify", "-inkey", $publicKeyFile, "-pubin");
+    print $to decode_base64($sig64);
+    close $to;
+    my $decoded = <$from>;
+    close $from;
+    waitpid($pid, 0);
+    return 0 if $? != 0;
+    my $hash = hashString("sha256", 0, $s);
+    return $decoded eq $hash;
+}
+
+1;

perl/lib/Nix/GeneratePatches.pm

@@ -225,7 +225,7 @@ sub generatePatches {
             }
         
             my $time1 = time();
-            my $res = system("ulimit -t $timeLimit; $Nix::Config::libexecDir/bsdiff $tmpDir/A $tmpDir/B $tmpDir/DIFF");
+            my $res = system("ulimit -t $timeLimit; $Nix::Config::libexecDir/nix/bsdiff $tmpDir/A $tmpDir/B $tmpDir/DIFF");
             my $time2 = time();
             if ($res) {
                 warn "binary diff computation aborted after ", $time2 - $time1, " seconds\n";

perl/lib/Nix/Manifest.pm

@@ -2,11 +2,13 @@ package Nix::Manifest;
 
 use strict;
 use DBI;
+use DBD::SQLite;
 use Cwd;
 use File::stat;
 use File::Path;
 use Fcntl ':flock';
 use Nix::Config;
+use Nix::Crypto;
 
 our @ISA = qw(Exporter);
 our @EXPORT = qw(readManifest writeManifest updateManifestDB addPatch deleteOldManifests parseNARInfo);
@@ -227,6 +229,9 @@ sub writeManifest {
 sub updateManifestDB {
     my $manifestDir = $Nix::Config::manifestDir;
 
+    my @manifests = glob "$manifestDir/*.nixmanifest";
+    return undef if scalar @manifests == 0;
+
     mkpath($manifestDir);
 
     unlink "$manifestDir/cache.sqlite"; # remove obsolete cache
@@ -311,7 +316,7 @@ EOF
     # unless we've already done so on a previous run.
     my %seen;
 
-    for my $manifestLink (glob "$manifestDir/*.nixmanifest") {
+    for my $manifestLink (@manifests) {
         my $manifest = Cwd::abs_path($manifestLink);
         next unless -f $manifest;
         my $timestamp = lstat($manifest)->mtime;
@@ -390,9 +395,10 @@ sub deleteOldManifests {
 
 # Parse a NAR info file.
 sub parseNARInfo {
-    my ($storePath, $content) = @_;
+    my ($storePath, $content, $requireValidSig, $location) = @_;
 
-    my ($storePath2, $url, $fileHash, $fileSize, $narHash, $narSize, $deriver, $system);
+    my ($storePath2, $url, $fileHash, $fileSize, $narHash, $narSize, $deriver, $system, $sig);
+    my $signedData = "";
     my $compression = "bzip2";
     my @refs;
 
@@ -408,11 +414,13 @@ sub parseNARInfo {
         elsif ($1 eq "References") { @refs = split / /, $2; }
         elsif ($1 eq "Deriver") { $deriver = $2; }
         elsif ($1 eq "System") { $system = $2; }
+        elsif ($1 eq "Signature") { $sig = $2; last; }
+        $signedData .= "$line\n";
     }
 
     return undef if $storePath ne $storePath2 || !defined $url || !defined $narHash;
 
-    return
+    my $res =
         { url => $url
         , compression => $compression
         , fileHash => $fileHash
@@ -423,6 +431,36 @@ sub parseNARInfo {
         , deriver => $deriver
         , system => $system
         };
+
+    if ($requireValidSig) {
+        if (!defined $sig) {
+            warn "NAR info file `$location' lacks a signature; ignoring\n";
+            return undef;
+        }
+        my ($sigVersion, $keyName, $sig64) = split ";", $sig;
+        $sigVersion //= 0;
+        if ($sigVersion != 1) {
+            warn "NAR info file `$location' has unsupported version $sigVersion; ignoring\n";
+            return undef;
+        }
+        return undef unless defined $keyName && defined $sig64;
+        my $publicKeyFile = $Nix::Config::config{"binary-cache-public-key-$keyName"};
+        if (!defined $publicKeyFile) {
+            warn "NAR info file `$location' is signed by unknown key `$keyName'; ignoring\n";
+            return undef;
+        }
+        if (! -f $publicKeyFile) {
+            die "binary cache public key file `$publicKeyFile' does not exist\n";
+            return undef;
+        }
+        if (!isValidSignature($publicKeyFile, $sig64, $signedData)) {
+            warn "NAR info file `$location' has an invalid signature; ignoring\n";
+            return undef;
+        }
+        $res->{signedBy} = $keyName;
+    }
+
+    return $res;
 }
 
 

perl/lib/Nix/SSH.pm

@@ -44,6 +44,7 @@ sub closeSSHConnection {
     if ($sshStarted) {
         system("ssh $sshHost @sshOpts -O exit 2> /dev/null") == 0
             or warn "unable to stop SSH master: $?";
+        $sshStarted = 0;
     }
 }
 

perl/lib/Nix/Store.pm

@@ -42,50 +42,50 @@ if ($Nix::Config::useBindings) {
     use File::Temp;
     use Fcntl qw/F_SETFD/;
 
-    sub hashFile {
+    *hashFile = sub {
         my ($algo, $base32, $path) = @_;
         my $res = backtick("$Nix::Config::binDir/nix-hash", "--flat", $path, "--type", $algo, $base32 ? "--base32" : ());
         chomp $res;
         return $res;
-    }
-    
-    sub hashPath {
+    };
+
+    *hashPath = sub {
         my ($algo, $base32, $path) = @_;
         my $res = backtick("$Nix::Config::binDir/nix-hash", $path, "--type", $algo, $base32 ? "--base32" : ());
         chomp $res;
         return $res;
-    }
-    
-    sub hashString {
+    };
+
+    *hashString = sub {
         my ($algo, $base32, $s) = @_;
         my $fh = File::Temp->new();
         print $fh $s;
         my $res = backtick("$Nix::Config::binDir/nix-hash", $fh->filename, "--type", $algo, $base32 ? "--base32" : ());
         chomp $res;
         return $res;
-    }
-    
-    sub addToStore {
+    };
+
+    *addToStore = sub {
         my ($srcPath, $recursive, $algo) = @_;
         die "not implemented" if $recursive || $algo ne "sha256";
         my $res = backtick("$Nix::Config::binDir/nix-store", "--add", $srcPath);
         chomp $res;
         return $res;
-    }
-    
-    sub isValidPath {
+    };
+
+    *isValidPath = sub {
         my ($path) = @_;
         my $res = backtick("$Nix::Config::binDir/nix-store", "--check-validity", "--print-invalid", $path);
         chomp $res;
         return $res ne $path;
-    }
-    
-    sub queryPathHash {
+    };
+
+    *queryPathHash = sub {
         my ($path) = @_;
         my $res = backtick("$Nix::Config::binDir/nix-store", "--query", "--hash", $path);
         chomp $res;
         return $res;
-    }
+    };
 }
 
 1;

perl/lib/Nix/Store.xs

@@ -20,6 +20,9 @@ void doInit()
     if (!store) {
         try {
             settings.processEnvironment();
+            settings.loadConfFile();
+            settings.update();
+            settings.lockCPU = false;
             store = openStore();
         } catch (Error & e) {
             croak(e.what());
@@ -32,6 +35,10 @@ MODULE = Nix::Store PACKAGE = Nix::Store
 PROTOTYPES: ENABLE
 
 
+#undef dNOOP // Hack to work around "error: declaration of 'Perl___notused' has a different language linkage" error message on clang.
+#define dNOOP
+
+
 void init()
     CODE:
         doInit();

perl/local.mk

@@ -0,0 +1,40 @@
+nix_perl_sources := \
+  $(d)/lib/Nix/Store.pm \
+  $(d)/lib/Nix/Manifest.pm \
+  $(d)/lib/Nix/GeneratePatches.pm \
+  $(d)/lib/Nix/SSH.pm \
+  $(d)/lib/Nix/CopyClosure.pm \
+  $(d)/lib/Nix/Config.pm.in \
+  $(d)/lib/Nix/Utils.pm \
+  $(d)/lib/Nix/Crypto.pm
+
+nix_perl_modules := $(nix_perl_sources:.in=)
+
+$(foreach x, $(nix_perl_modules), $(eval $(call install-data-in, $(x), $(perllibdir)/Nix)))
+
+ifeq ($(perlbindings), yes)
+
+  $(d)/lib/Nix/Store.cc: $(d)/lib/Nix/Store.xs
+	$(trace-gen) xsubpp $^ -output $@
+
+  libraries += Store
+
+  Store_DIR := $(d)/lib/Nix
+
+  Store_SOURCES := $(Store_DIR)/Store.cc
+
+  Store_LIBS = libstore
+
+  Store_CXXFLAGS = \
+    -I$(shell $(perl) -e 'use Config; print $$Config{archlibexp};')/CORE \
+    -D_FILE_OFFSET_BITS=64
+
+  Store_ALLOW_UNDEFINED = 1
+
+  Store_FORCE_INSTALL = 1
+
+  Store_INSTALL_DIR = $(perllibdir)/auto/Nix/Store
+
+endif
+
+clean-files += $(d)/lib/Nix/Config.pm $(d)/lib/Nix/Store.cc

release.nix

@@ -1,15 +1,19 @@
-{ nixpkgs ? <nixpkgs>
-, nix ? { outPath = ./.; revCount = 1234; shortRev = "abcdef"; }
+{ nix ? { outPath = ./.; revCount = 1234; shortRev = "abcdef"; }
 , officialRelease ? false
 }:
 
 let
 
+  pkgs = import <nixpkgs> {};
+
+  systems = [ "x86_64-linux" "i686-linux" "x86_64-darwin" /* "x86_64-freebsd" "i686-freebsd" */ ];
+
+
   jobs = rec {
 
 
     tarball =
-      with import nixpkgs {};
+      with pkgs;
 
       releaseTools.sourceTarball {
         name = "nix-tarball";
@@ -19,14 +23,13 @@ let
         inherit officialRelease;
 
         buildInputs =
-          [ curl bison25 flex2535 perl libxml2 libxslt w3m bzip2
+          [ curl bison flex perl libxml2 libxslt w3m bzip2
             tetex dblatex nukeReferences pkgconfig sqlite git
           ];
 
         configureFlags = ''
           --with-docbook-rng=${docbook5}/xml/rng/docbook
           --with-docbook-xsl=${docbook5_xsl}/xml/xsl/docbook
-          --with-xml-flags=--nonet
           --with-dbi=${perlPackages.DBI}/${perl.libPrefix}
           --with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}
           --with-www-curl=${perlPackages.WWWCurl}/${perl.libPrefix}
@@ -45,16 +48,15 @@ let
         distPhase =
           ''
             runHook preDist
-            make dist-gzip
-            make dist-xz
+            make dist
             mkdir -p $out/tarballs
             cp *.tar.* $out/tarballs
           '';
 
         preDist = ''
-          make -C doc/manual install prefix=$out
+          make install docdir=$out/share/doc/nix makefiles=doc/manual/local.mk
 
-          make -C doc/manual manual.pdf prefix=$out
+          make doc/manual/manual.pdf
           cp doc/manual/manual.pdf $out/manual.pdf
 
           # The PDF containes filenames of included graphics (see
@@ -67,15 +69,14 @@ let
 
           echo "doc manual $out/share/doc/nix/manual" >> $out/nix-support/hydra-build-products
           echo "doc-pdf manual $out/manual.pdf" >> $out/nix-support/hydra-build-products
-          echo "doc release-notes $out/share/doc/nix/release-notes" >> $out/nix-support/hydra-build-products
+          echo "doc release-notes $out/share/doc/nix/manual release-notes.html" >> $out/nix-support/hydra-build-products
         '';
       };
 
 
-    build =
-      { system ? "x86_64-linux" }:
+    build = pkgs.lib.genAttrs systems (system:
 
-      with import nixpkgs { inherit system; };
+      with import <nixpkgs> { inherit system; };
 
       releaseTools.nixBuild {
         name = "nix";
@@ -96,18 +97,21 @@ let
 
         makeFlags = "profiledir=$(out)/etc/profile.d";
 
+        preBuild = "unset NIX_INDENT_MAKE";
+
         installFlags = "sysconfdir=$(out)/etc";
 
         doInstallCheck = true;
-      };
+        installCheckFlags = "sysconfdir=$(out)/etc";
+      });
 
-    binaryTarball =
-      { system ? "x86_64-linux" }:
 
-      with import nixpkgs { inherit system; };
+    binaryTarball = pkgs.lib.genAttrs systems (system:
+
+      with import <nixpkgs> { inherit system; };
 
       let
-        toplevel = build { inherit system; };
+        toplevel = builtins.getAttr system jobs.build;
         version = toplevel.src.version;
       in
 
@@ -120,21 +124,25 @@ let
           storePaths=$(perl ${pathsFromGraph} ./closure)
           printRegistration=1 perl ${pathsFromGraph} ./closure > $TMPDIR/reginfo
           substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
-            --subst-var-by nix ${toplevel} --subst-var-by regInfo /nix/store/reginfo
+            --subst-var-by nix ${toplevel}
           chmod +x $TMPDIR/install
-          fn=$out/nix-${version}-${system}.tar.bz2
+          dir=nix-${version}-${system}
+          fn=$out/$dir.tar.bz2
           mkdir -p $out/nix-support
           echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
           tar cvfj $fn \
-            --owner=0 --group=0 --absolute-names \
-            --transform "s,$TMPDIR/install,/usr/bin/nix-finish-install," \
-            --transform "s,$TMPDIR/reginfo,/nix/store/reginfo," \
+            --owner=0 --group=0 --mode=u+rw,uga+r \
+            --absolute-names \
+            --hard-dereference \
+            --transform "s,$TMPDIR/install,$dir/install," \
+            --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
+            --transform "s,$NIX_STORE,$dir/store,S" \
             $TMPDIR/install $TMPDIR/reginfo $storePaths
-        '';
+        '');
 
 
     coverage =
-      with import nixpkgs { system = "x86_64-linux"; };
+      with import <nixpkgs> { system = "x86_64-linux"; };
 
       releaseTools.coverageAnalysis {
         name = "nix-build";
@@ -166,17 +174,21 @@ let
       };
 
 
-    rpm_fedora13i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora13i386) 50;
-    rpm_fedora13x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora13x86_64) 50;
     rpm_fedora16i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora16i386) 50;
     rpm_fedora16x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora16x86_64) 50;
+    rpm_fedora18i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora18i386) 60;
+    rpm_fedora18x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora18x86_64) 60;
+    rpm_fedora19i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora19i386) 70;
+    rpm_fedora19x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora19x86_64) 70;
+    rpm_fedora20i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora20i386) 70;
+    rpm_fedora20x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora20x86_64) 70;
 
 
-    deb_debian60i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian60i386) 50;
-    deb_debian60x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian60x86_64) 50;
+    #deb_debian60i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian60i386) 50;
+    #deb_debian60x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian60x86_64) 50;
+    deb_debian7i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian7i386) 60;
+    deb_debian7x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian7x86_64) 60;
 
-    deb_ubuntu1004i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1004i386) 50;
-    deb_ubuntu1004x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1004x86_64) 50;
     deb_ubuntu1010i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1010i386) 50;
     deb_ubuntu1010x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1010x86_64) 50;
     deb_ubuntu1110i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1110i386) 60;
@@ -185,17 +197,53 @@ let
     deb_ubuntu1204x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1204x86_64) 60;
     deb_ubuntu1210i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1210i386) 70;
     deb_ubuntu1210x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1210x86_64) 70;
+    deb_ubuntu1304i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1304i386) 80;
+    deb_ubuntu1304x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1304x86_64) 80;
+    deb_ubuntu1310i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1310i386) 90;
+    deb_ubuntu1310x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1310x86_64) 90;
 
 
     # System tests.
     tests.remote_builds = (import ./tests/remote-builds.nix rec {
-      nix = build { inherit system; }; system = "x86_64-linux";
+      nix = build.x86_64-linux; system = "x86_64-linux";
     }).test;
 
     tests.nix_copy_closure = (import ./tests/nix-copy-closure.nix rec {
-      nix = build { inherit system; }; system = "x86_64-linux";
+      nix = build.x86_64-linux; system = "x86_64-linux";
     }).test;
 
+
+    # Aggregate job containing the release-critical jobs.
+    release = pkgs.releaseTools.aggregate {
+      name = "nix-${tarball.version}";
+      meta.description = "Release-critical builds";
+      constituents =
+        [ tarball
+          #build.i686-freebsd
+          build.i686-linux
+          build.x86_64-darwin
+          #build.x86_64-freebsd
+          build.x86_64-linux
+          #binaryTarball.i686-freebsd
+          binaryTarball.i686-linux
+          binaryTarball.x86_64-darwin
+          #binaryTarball.x86_64-freebsd
+          binaryTarball.x86_64-linux
+          deb_debian7i386
+          deb_debian7x86_64
+          deb_ubuntu1304i386
+          deb_ubuntu1304x86_64
+          deb_ubuntu1310i386
+          deb_ubuntu1310x86_64
+          rpm_fedora19i386
+          rpm_fedora19x86_64
+          rpm_fedora20i386
+          rpm_fedora20x86_64
+          tests.remote_builds
+          tests.nix_copy_closure
+        ];
+    };
+
   };
 
 
@@ -205,7 +253,7 @@ let
   makeRPM =
     system: diskImageFun: prio:
 
-    with import nixpkgs { inherit system; };
+    with import <nixpkgs> { inherit system; };
 
     releaseTools.rpmBuild rec {
       name = "nix-rpm";
@@ -224,7 +272,7 @@ let
   makeDeb =
     system: diskImageFun: prio:
 
-    with import nixpkgs { inherit system; };
+    with import <nixpkgs> { inherit system; };
 
     releaseTools.debBuild {
       name = "nix-deb";
@@ -235,6 +283,7 @@ let
       meta.schedulingPriority = prio;
       configureFlags = "--sysconfdir=/etc";
       debRequires = [ "curl" "libdbd-sqlite3-perl" "libsqlite3-0" "libbz2-1.0" "bzip2" "xz-utils" "libwww-curl-perl" ];
+      debMaintainer = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
       doInstallCheck = true;
     };
 

scripts/Makefile.am

@@ -1,40 +0,0 @@
-bin_SCRIPTS = nix-collect-garbage \
-  nix-pull nix-push nix-prefetch-url \
-  nix-install-package nix-channel nix-build \
-  nix-copy-closure nix-generate-patches
-
-noinst_SCRIPTS = nix-profile.sh \
-  find-runtime-roots.pl build-remote.pl nix-reduce-build \
-  copy-from-other-stores.pl nix-http-export.cgi
-
-profiledir = $(sysconfdir)/profile.d
-
-install-exec-local: download-using-manifests.pl copy-from-other-stores.pl download-from-binary-cache.pl find-runtime-roots.pl
-	$(INSTALL) -d $(DESTDIR)$(profiledir)
-	$(INSTALL_DATA) nix-profile.sh $(DESTDIR)$(profiledir)/nix.sh
-	$(INSTALL) -d $(DESTDIR)$(libexecdir)/nix
-	$(INSTALL_PROGRAM) find-runtime-roots.pl $(DESTDIR)$(libexecdir)/nix 
-	$(INSTALL_PROGRAM) build-remote.pl $(DESTDIR)$(libexecdir)/nix 
-	$(INSTALL) -d $(DESTDIR)$(libexecdir)/nix/substituters
-	$(INSTALL_PROGRAM) download-using-manifests.pl copy-from-other-stores.pl download-from-binary-cache.pl $(DESTDIR)$(libexecdir)/nix/substituters
-	$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
-
-include ../substitute.mk
-
-EXTRA_DIST = nix-collect-garbage.in \
-  nix-pull.in nix-push.in nix-profile.sh.in \
-  nix-prefetch-url.in nix-install-package.in \
-  nix-channel.in \
-  nix-build.in \
-  download-using-manifests.pl.in \
-  copy-from-other-stores.pl.in \
-  download-from-binary-cache.pl.in \
-  nix-copy-closure.in \
-  find-runtime-roots.pl.in \
-  build-remote.pl.in \
-  nix-reduce-build.in \
-  nix-http-export.cgi.in \
-  nix-generate-patches.in
-
-clean:
-	rm -f $(bin_SCRIPTS) $(noinst_SCRIPTS)

scripts/build-remote.pl.in

@@ -195,9 +195,13 @@ REQ: while (1) {
         # Connect to the selected machine.
         @sshOpts = ("-i", $machine->{sshKeys}, "-x");
         $hostName = $machine->{hostName};
-        last REQ if openSSHConnection $hostName;
-
-        warn "unable to open SSH connection to $hostName, trying other available machines...\n";
+        if (openSSHConnection($hostName)) {
+            last REQ if system("ssh $hostName @sshOpts nix-builds-inhibited < /dev/null > /dev/null 2>&1") != 0;
+            warn "machine `$hostName' is refusing builds, trying other available machines...\n";
+            closeSSHConnection;
+        } else {
+            warn "unable to open SSH connection to `$hostName', trying other available machines...\n";
+        }
         $machine->{enabled} = 0;
     }
 }
@@ -209,7 +213,6 @@ my @inputs = split /\s/, readline(STDIN);
 my @outputs = split /\s/, readline(STDIN);
 
 
-print STDERR "building `$drvPath' on `$hostName'\n";
 print STDERR "@ build-remote $drvPath $hostName\n" if $printBuildTrace;
 
 
@@ -260,7 +263,7 @@ close UPLOADLOCK;
 my $buildFlags =
     "--max-silent-time $maxSilentTime --option build-timeout $buildTimeout"
     . " --fallback --add-root $rootsDir/\$PPID.out --quiet"
-    . " --option build-keep-log false";
+    . " --option build-keep-log false --option build-use-substitutes false";
 
 # We let the remote side kill its process group when the connection is
 # closed unexpectedly.  This is necessary to ensure that no processes
@@ -269,8 +272,9 @@ my $buildFlags =
 # is interrupted unless the `-tt' flag is used to force a pseudo-tty,
 # in which case every child receives SIGHUP; however, `-tt' doesn't
 # work on some platforms when connection sharing is used.)
+print STDERR "building `$drvPath' on `$hostName'\n";
 pipe STDIN, DUMMY; # make sure we have a readable STDIN
-if (system("exec ssh $hostName @sshOpts '(read; kill -INT -\$\$) <&0 & nix-store -r $drvPath $buildFlags > /dev/null' 2>&4") != 0) {
+if (system("exec ssh $hostName @sshOpts '(read; kill -INT -\$\$) <&0 & exec nix-store -r $drvPath $buildFlags > /dev/null' 2>&4") != 0) {
     # Note that if we get exit code 100 from `nix-store -r', it
     # denotes a permanent build failure (as opposed to an SSH problem
     # or a temporary Nix problem).  We propagate this to the caller to
@@ -286,13 +290,11 @@ if (system("exec ssh $hostName @sshOpts '(read; kill -INT -\$\$) <&0 & nix-store
 
 
 # Copy the output from the build machine.
-foreach my $output (@outputs) {
-    my $maybeSignRemote = "";
-    $maybeSignRemote = "--sign" if $UID != 0;
-    next if isValidPath($output);
-    system("exec ssh $hostName @sshOpts 'nix-store --export $maybeSignRemote $output'" .
-           "| NIX_HELD_LOCKS=$output @bindir@/nix-store --import > /dev/null") == 0
-        or die "cannot copy $output from $hostName: $?";
+my @outputs2 = grep { !isValidPath($_) } @outputs;
+if (scalar @outputs2 > 0) {
+    system("exec ssh $hostName @sshOpts 'nix-store --export @outputs2'" .
+           "| NIX_HELD_LOCKS='@outputs2' @bindir@/nix-store --import > /dev/null") == 0
+        or die("cannot copy paths " . join(", ", @outputs) . " from `$hostName': $?");
 }
 
 

scripts/copy-from-other-stores.pl.in

@@ -16,6 +16,9 @@ foreach my $dir (@remoteStoresAll) {
     push @remoteStores, glob($dir);
 }
 
+exit if scalar @remoteStores == 0;
+print "\n";
+
 
 $ENV{"NIX_REMOTE"} = "";
 
@@ -27,7 +30,7 @@ sub findStorePath {
         next unless -e $sourcePath || -l $sourcePath;
         $ENV{"NIX_DB_DIR"} = "$store/var/nix/db";
         return ($store, $sourcePath) if
-            system("@bindir@/nix-store --check-validity $storePath") == 0;
+            system("$binDir/nix-store --check-validity $storePath") == 0;
     }
     return undef;
 }
@@ -53,16 +56,16 @@ if ($ARGV[0] eq "--query") {
 
                 $ENV{"NIX_DB_DIR"} = "$store/var/nix/db";
 
-                my $deriver = `@bindir@/nix-store --query --deriver $storePath`;
+                my $deriver = `$binDir/nix-store --query --deriver $storePath`;
                 die "cannot query deriver of `$storePath'" if $? != 0;
                 chomp $deriver;
                 $deriver = "" if $deriver eq "unknown-deriver";
 
                 my @references = split "\n",
-                    `@bindir@/nix-store --query --references $storePath`;
+                    `$binDir/nix-store --query --references $storePath`;
                 die "cannot query references of `$storePath'" if $? != 0;
 
-                my $narSize = `@bindir@/nix-store --query --size $storePath`;
+                my $narSize = `$binDir/nix-store --query --size $storePath`;
                 die "cannot query size of `$storePath'" if $? != 0;
                 chomp $narSize;
 
@@ -70,7 +73,7 @@ if ($ARGV[0] eq "--query") {
                 print "$deriver\n";
                 print scalar @references, "\n";
                 print "$_\n" foreach @references;
-                print "$narSize\n";
+                print "0\n";
                 print "$narSize\n";
             }
 

scripts/download-from-binary-cache.pl.in

@@ -1,6 +1,7 @@
 #! @perl@ -w @perlFlags@
 
 use DBI;
+use DBD::SQLite;
 use File::Basename;
 use IO::Select;
 use Nix::Config;
@@ -24,8 +25,11 @@ my $ttlNegative = 24 * 3600; # when to purge negative lookups from the database
 my $ttlNegativeUse = 3600; # how long negative lookups are valid for non-"have" lookups
 my $didExpiration = 0;
 
-my $debug = ($ENV{"NIX_DEBUG_SUBST"} // "") eq 1;
-open(STDERR, ">>/dev/tty") if $debug;
+my $showAfter = 5; # show that we're waiting for a request after this many seconds
+
+my $debug = ($Nix::Config::config{"debug-subst"} // "") eq 1 || ($Nix::Config::config{"untrusted-debug-subst"} // "") eq 1;
+
+my $cacheFileURLs = ($ENV{"_NIX_CACHE_FILE_URLS"} // "") eq 1; # for testing
 
 my ($dbh, $queryCache, $insertNAR, $queryNAR, $insertNARExistence, $queryNARExistence, $expireNARExistence);
 
@@ -36,7 +40,14 @@ my %requests;
 my %scheduled;
 my $caBundle = $ENV{"CURL_CA_BUNDLE"} // $ENV{"OPENSSL_X509_CERT_FILE"};
 
-my $userName = getpwuid($<) or die "cannot figure out user name";
+my $userName = getpwuid($<) || $ENV{"USER"} or die "cannot figure out user name";
+
+my $requireSignedBinaryCaches = ($Nix::Config::config{"signed-binary-caches"} // "0") ne "0";
+
+my $curlConnectTimeout = int(
+    $Nix::Config::config{"untrusted-connect-timeout"} //
+    $Nix::Config::config{"connect-timeout"} //
+    $ENV{"NIX_CONNECT_TIMEOUT"} // 0);
 
 
 sub addRequest {
@@ -44,7 +55,8 @@ sub addRequest {
 
     my $curl = WWW::Curl::Easy->new;
     my $curlId = $curlIdCount++;
-    $requests{$curlId} = { storePath => $storePath, url => $url, handle => $curl, content => "", type => $head ? "HEAD" : "GET" };
+    $requests{$curlId} = { storePath => $storePath, url => $url, handle => $curl, content => "", type => $head ? "HEAD" : "GET"
+                         , shown => 0, started => time() };
 
     $curl->setopt(CURLOPT_PRIVATE, $curlId);
     $curl->setopt(CURLOPT_URL, $url);
@@ -55,6 +67,7 @@ sub addRequest {
     $curl->setopt(CURLOPT_USERAGENT, "Nix/$Nix::Config::version");
     $curl->setopt(CURLOPT_NOBODY, 1) if $head;
     $curl->setopt(CURLOPT_FAILONERROR, 1);
+    $curl->setopt(CURLOPT_CONNECTTIMEOUT, $curlConnectTimeout);
 
     if ($activeRequests >= $maxParallelRequests) {
         $scheduled{$curlId} = 1;
@@ -74,7 +87,7 @@ sub processRequests {
 
         # Sleep until we can read or write some data.
         if (scalar @{$rfds} + scalar @{$wfds} + scalar @{$efds} > 0) {
-            IO::Select->select(IO::Select->new(@{$rfds}), IO::Select->new(@{$wfds}), IO::Select->new(@{$efds}), 0.1);
+            IO::Select->select(IO::Select->new(@{$rfds}), IO::Select->new(@{$wfds}), IO::Select->new(@{$efds}), 1.0);
         }
 
         if ($curlm->perform() != $activeRequests) {
@@ -99,14 +112,25 @@ sub processRequests {
                 }
             }
         }
+
+        my $time = time();
+        while (my ($key, $request) = each %requests) {
+            next unless defined $request->{handle};
+            next if $request->{shown};
+            if ($time > $request->{started} + $showAfter) {
+                print STDERR "still waiting for ‘$request->{url}’ after $showAfter seconds...\n";
+                $request->{shown} = 1;
+            }
+        }
     }
 }
 
 
 sub initCache {
-    my $dbPath = "$Nix::Config::stateDir/binary-cache-v2.sqlite";
+    my $dbPath = "$Nix::Config::stateDir/binary-cache-v3.sqlite";
 
     unlink "$Nix::Config::stateDir/binary-cache-v1.sqlite";
+    unlink "$Nix::Config::stateDir/binary-cache-v2.sqlite";
 
     # Open/create the database.
     $dbh = DBI->connect("dbi:SQLite:dbname=$dbPath", "", "")
@@ -143,7 +167,7 @@ EOF
             narSize          integer,
             refs             text,
             deriver          text,
-            system           text,
+            signedBy         text,
             timestamp        integer not null,
             primary key (cache, storePath),
             foreign key (cache) references BinaryCaches(id) on delete cascade
@@ -167,7 +191,7 @@ EOF
 
     $insertNAR = $dbh->prepare(
         "insert or replace into NARs(cache, storePath, url, compression, fileHash, fileSize, narHash, " .
-        "narSize, refs, deriver, system, timestamp) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") or die;
+        "narSize, refs, deriver, signedBy, timestamp) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") or die;
 
     $queryNAR = $dbh->prepare("select * from NARs where cache = ? and storePath = ?") or die;
 
@@ -184,17 +208,13 @@ sub getAvailableCaches {
     return if $gotCaches;
     $gotCaches = 1;
 
-    return if
-        ($Nix::Config::config{"use-binary-caches"} // "true") eq "false" ||
-        ($Nix::Config::config{"untrusted-use-binary-caches"} // "true") eq "false";
-
     sub strToList {
         my ($s) = @_;
         return map { s/\/+$//; $_ } split(/ /, $s);
     }
 
     my @urls = strToList($Nix::Config::config{"binary-caches"} //
-        ($Nix::Config::storeDir eq "/nix/store" ? "http://nixos.org/binary-cache" : ""));
+        ($Nix::Config::storeDir eq "/nix/store" ? "http://cache.nixos.org" : ""));
 
     my $urlsFiles = $Nix::Config::config{"binary-cache-files"}
         // "$Nix::Config::stateDir/profiles/per-user/$userName/channels/binary-caches/*";
@@ -206,12 +226,15 @@ sub getAvailableCaches {
         push @urls, strToList($url);
     }
 
+    push @urls, strToList($Nix::Config::config{"extra-binary-caches"} // "");
+
     # Allow Nix daemon users to override the binary caches to a subset
     # of those listed in the config file.  Note that ‘untrusted-*’
     # denotes options passed by the client.
+    my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
+
     if (defined $Nix::Config::config{"untrusted-binary-caches"}) {
         my @untrustedUrls = strToList $Nix::Config::config{"untrusted-binary-caches"};
-        my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
         @urls = ();
         foreach my $url (@untrustedUrls) {
             die "binary cache ‘$url’ is not trusted (please add it to ‘trusted-binary-caches’ [@trustedUrls] in $Nix::Config::confDir/nix.conf)\n"
@@ -220,6 +243,12 @@ sub getAvailableCaches {
         }
     }
 
+    my @untrustedUrls = strToList $Nix::Config::config{"untrusted-extra-binary-caches"} // "";
+    foreach my $url (@untrustedUrls) {
+        next unless scalar(grep { $url eq $_ } @trustedUrls) > 0;
+        push @urls, $url;
+    }
+
     foreach my $url (uniq @urls) {
 
         # FIXME: not atomic.
@@ -254,11 +283,12 @@ sub getAvailableCaches {
             elsif ($1 eq "Priority") { $priority = int($2); }
         }
 
-        $dbh->do("insert into BinaryCaches(url, timestamp, storeDir, wantMassQuery, priority) values (?, ?, ?, ?, ?)",
+        $dbh->do("insert or replace into BinaryCaches(url, timestamp, storeDir, wantMassQuery, priority) values (?, ?, ?, ?, ?)",
                  {}, $url, time(), $storeDir, $wantMassQuery, $priority);
-        my $id = $dbh->last_insert_id("", "", "", "");
+        $queryCache->execute($url);
+        $res = $queryCache->fetchrow_hashref() or die;
         next if $storeDir ne $Nix::Config::storeDir;
-        push @caches, { id => $id, url => $url, wantMassQuery => $wantMassQuery, priority => $priority };
+        push @caches, { id => $res->{id}, url => $url, wantMassQuery => $wantMassQuery, priority => $priority };
     }
 
     @caches = sort { $a->{priority} <=> $b->{priority} } @caches;
@@ -267,29 +297,37 @@ sub getAvailableCaches {
 }
 
 
+sub shouldCache {
+    my ($url) = @_;
+    return $cacheFileURLs || $url !~ /^file:/;
+}
+
+
 sub processNARInfo {
     my ($storePath, $cache, $request) = @_;
 
     if ($request->{result} != 0) {
-        if ($request->{result} != 37 && $request->{httpStatus} != 404) {
+        if ($request->{result} != 37 && $request->{httpStatus} != 404 && $request->{httpStatus} != 403) {
             print STDERR "could not download ‘$request->{url}’ (" .
                 ($request->{result} != 0 ? "Curl error $request->{result}" : "HTTP status $request->{httpStatus}") . ")\n";
         } else {
             $insertNARExistence->execute($cache->{id}, basename($storePath), 0, time())
-                unless $request->{url} =~ /^file:/;
+                if shouldCache $request->{url};
         }
         return undef;
     }
 
-    my $narInfo = parseNARInfo($storePath, $request->{content});
+    my $narInfo = parseNARInfo($storePath, $request->{content}, $requireSignedBinaryCaches, $request->{url});
     return undef unless defined $narInfo;
 
+    die if $requireSignedBinaryCaches && !defined $narInfo->{signedBy};
+
     # Cache the result.
     $insertNAR->execute(
         $cache->{id}, basename($storePath), $narInfo->{url}, $narInfo->{compression},
         $narInfo->{fileHash}, $narInfo->{fileSize}, $narInfo->{narHash}, $narInfo->{narSize},
-        join(" ", @{$narInfo->{refs}}), $narInfo->{deriver}, $narInfo->{system}, time())
-        unless $request->{url} =~ /^file:/;
+        join(" ", @{$narInfo->{refs}}), $narInfo->{deriver}, $narInfo->{signedBy}, time())
+        if shouldCache $request->{url};
 
     return $narInfo;
 }
@@ -302,6 +340,10 @@ sub getCachedInfoFrom {
     my $res = $queryNAR->fetchrow_hashref();
     return undef unless defined $res;
 
+    # We may previously have cached this info when signature checking
+    # was disabled.  In that case, ignore the cached info.
+    return undef if $requireSignedBinaryCaches && !defined $res->{signedBy};
+
     return
         { url => $res->{url}
         , compression => $res->{compression}
@@ -311,6 +353,7 @@ sub getCachedInfoFrom {
         , narSize => $res->{narSize}
         , refs => [ split " ", $res->{refs} ]
         , deriver => $res->{deriver}
+        , signedBy => $res->{signedBy}
         } if defined $res;
 }
 
@@ -450,17 +493,17 @@ sub printSubstitutablePaths {
 
         foreach my $request (values %requests) {
             if ($request->{result} != 0) {
-                if ($request->{result} != 37 && $request->{httpStatus} != 404) {
+                if ($request->{result} != 37 && $request->{httpStatus} != 404 && $request->{httpStatus} != 403) {
                     print STDERR "could not check ‘$request->{url}’ (" .
                         ($request->{result} != 0 ? "Curl error $request->{result}" : "HTTP status $request->{httpStatus}") . ")\n";
                 } else {
                     $insertNARExistence->execute($cache->{id}, basename($request->{storePath}), 0, time())
-                        unless $request->{url} =~ /^file:/;
+                        if shouldCache $request->{url};
                 }
                 push @left2, $request->{storePath};
             } else {
                 $insertNARExistence->execute($cache->{id}, basename($request->{storePath}), 1, time())
-                    unless $request->{url} =~ /^file:/;
+                    if shouldCache $request->{url};
                 print "$request->{storePath}\n";
             }
         }
@@ -486,21 +529,24 @@ sub downloadBinary {
         next unless defined $info;
 
         my $decompressor;
-        if ($info->{compression} eq "bzip2") { $decompressor = "$Nix::Config::bzip2 -d"; }
-        elsif ($info->{compression} eq "xz") { $decompressor = "$Nix::Config::xz -d"; }
+        if ($info->{compression} eq "bzip2") { $decompressor = "| $Nix::Config::bzip2 -d"; }
+        elsif ($info->{compression} eq "xz") { $decompressor = "| $Nix::Config::xz -d"; }
+        elsif ($info->{compression} eq "none") { $decompressor = ""; }
         else {
             print STDERR "unknown compression method ‘$info->{compression}’\n";
             next;
         }
         my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs
-        print STDERR "\n*** Downloading ‘$url’ to ‘$storePath’...\n";
+        die if $requireSignedBinaryCaches && !defined $info->{signedBy};
+        print STDERR "\n*** Downloading ‘$url’ ", ($requireSignedBinaryCaches ? "(signed by ‘$info->{signedBy}’) " : ""), "to ‘$storePath’...\n";
         checkURL $url;
-        if (system("$Nix::Config::curl --fail --location --insecure '$url' | $decompressor | $Nix::Config::binDir/nix-store --restore $destPath") != 0) {
+        if (system("$Nix::Config::curl --fail --location --insecure --connect-timeout $curlConnectTimeout '$url' $decompressor | $Nix::Config::binDir/nix-store --restore $destPath") != 0) {
             warn "download of `$url' failed" . ($! ? ": $!" : "") . "\n";
             next;
         }
 
         # Tell Nix about the expected hash so it can verify it.
+        die unless defined $info->{narHash} && $info->{narHash} ne "";
         print "$info->{narHash}\n";
 
         print STDERR "\n";
@@ -508,9 +554,17 @@ sub downloadBinary {
     }
 
     print STDERR "could not download ‘$storePath’ from any binary cache\n";
+    exit 1;
 }
 
 
+# Bail out right away if binary caches are disabled.
+exit 0 if
+    ($Nix::Config::config{"use-binary-caches"} // "true") eq "false" ||
+    ($Nix::Config::config{"untrusted-use-binary-caches"} // "true") eq "false";
+print "\n";
+flush STDOUT;
+
 initCache();
 
 

scripts/download-using-manifests.pl.in

@@ -22,6 +22,8 @@ my $curl = "$Nix::Config::curl --fail --location --insecure";
 
 # Open the manifest cache and update it if necessary.
 my $dbh = updateManifestDB();
+exit 0 unless defined $dbh; # exit if there are no manifests
+print "\n";
 
 
 # $hashCache->{$algo}->{$path} yields the $algo-hash of $path.
@@ -315,7 +317,7 @@ while (scalar @path > 0) {
         # Apply the patch to the NAR archive produced in step 1 (for
         # the already present path) or a later step (for patch sequences).
         print STDERR "  applying patch...\n";
-        system("$Nix::Config::libexecDir/bspatch $tmpNar $tmpNar2 $patchPath") == 0
+        system("$Nix::Config::libexecDir/nix/bspatch $tmpNar $tmpNar2 $patchPath") == 0
             or die "cannot apply patch `$patchPath' to $tmpNar\n";
 
         if ($curStep < $maxStep) {
@@ -342,17 +344,18 @@ while (scalar @path > 0) {
         checkURL $narFile->{url};
 
         my $decompressor =
-            $narFile->{compressionType} eq "bzip2" ? "$Nix::Config::bzip2 -d" :
-            $narFile->{compressionType} eq "xz" ? "$Nix::Config::xz -d" :
+            $narFile->{compressionType} eq "bzip2" ? "| $Nix::Config::bzip2 -d" :
+            $narFile->{compressionType} eq "xz" ? "| $Nix::Config::xz -d" :
+            $narFile->{compressionType} eq "none" ? "" :
             die "unknown compression type `$narFile->{compressionType}'";
 
         if ($curStep < $maxStep) {
             # The archive will be used a base to a patch.
-            system("$curl '$narFile->{url}' | $decompressor > $tmpNar") == 0
+            system("$curl '$narFile->{url}' $decompressor > $tmpNar") == 0
                 or die "cannot download and unpack `$narFile->{url}' to `$v'\n";
         } else {
             # Unpack the archive to the target path.
-            system("$curl '$narFile->{url}' | $decompressor | $Nix::Config::binDir/nix-store --restore '$destPath'") == 0
+            system("$curl '$narFile->{url}' $decompressor | $Nix::Config::binDir/nix-store --restore '$destPath'") == 0
                 or die "cannot download and unpack `$narFile->{url}' to `$v'\n";
         }
 

scripts/find-runtime-roots.pl.in

@@ -1,22 +1,22 @@
-#! @perl@ -w
+#! @perl@ -w @perlFlags@
 
 use strict;
-
-my $procDir = "/proc";
+use Nix::Utils;
+use Nix::Config;
 
 
 sub readProc {
-    return unless -d $procDir;
+    return unless -d "/proc";
+
+    opendir DIR, "/proc" or return;
 
-    opendir DIR, $procDir or return;
-    
     foreach my $name (readdir DIR) {
         next unless $name =~ /^\d+$/;
 
-        my $process = "$procDir/$name";
+        my $process = "/proc/$name";
 
         #print STDERR "=== $process\n";
-        
+
         my $target;
         print "$target\n" if $target = readlink "$process/exe";
         print "$target\n" if $target = readlink "$process/cwd";
@@ -36,6 +36,13 @@ sub readProc {
             }
             close MAP;
         }
+
+        # Get all store paths that appear in the environment of this process.
+        eval {
+            my $env = Nix::Utils::readFile "$process/environ";
+            my @matches = $env =~ /\Q$Nix::Config::storeDir\E\/[0-9a-z]+[0-9a-zA-Z\+\-\._\?=]*/g;
+            print "$_\n" foreach @matches;
+        }
     }
 
     closedir DIR;
@@ -58,18 +65,15 @@ readProc;
 lsof;
 
 
-sub readFile {
-    my $path = shift;
-    if (-e $path) {
-        if (open FILE, "$path") {
-            while (<FILE>) {
-                print;
-            }
-            close FILE;
-        }
+sub printFile {
+    my ($fn) = @_;
+    if (-e $fn) {
+        print Nix::Utils::readFile($fn), "\n";
     }
 }
 
+
 # This is rather NixOS-specific, so it probably shouldn't be here.
-readFile "/proc/sys/kernel/modprobe";
-readFile "/proc/sys/kernel/fbsplash";
+printFile "/proc/sys/kernel/modprobe";
+printFile "/proc/sys/kernel/fbsplash";
+printFile "/proc/sys/kernel/poweroff_cmd";

scripts/install-nix-from-closure.sh

@@ -1,34 +1,116 @@
-#! /bin/sh -e
+#! /usr/bin/env bash
 
-nix=@nix@
-regInfo=@regInfo@
+set -e
 
-if ! $nix/bin/nix-store --load-db < $regInfo; then
-    echo "$0: unable to register valid paths"
+dest="/nix"
+self="$(dirname "$0")"
+nix="@nix@"
+
+if ! [ -e $self/.reginfo ]; then
+    echo "$0: incomplete installer (.reginfo is missing)" >&2
     exit 1
 fi
 
-. @nix@/etc/profile.d/nix.sh
-
-if ! $nix/bin/nix-env -i @nix@; then
-    echo "$0: unable to install Nix into your default profile"
+if [ -z "$USER" ]; then
+    echo "$0: \$USER is not set" >&2
     exit 1
 fi
 
-# Add nix.sh to the shell's profile.d directory.
+if [ "$(id -u)" -eq 0 ]; then
+    echo "warning: installing Nix as root is not recommended" >&2
+fi
+
+echo "performing a single-user installation of Nix..." >&2
+
+if ! [ -e $dest ]; then
+    cmd="mkdir -m 0755 $dest && chown $USER $dest"
+    echo "directory $dest does not exist; creating it by running \`$cmd' using sudo" >&2
+    if ! sudo sh -c "$cmd"; then
+        echo "$0: please manually run \`$cmd' as root to create $dest" >&2
+        exit 1
+    fi
+fi
+
+if ! [ -w $dest ]; then
+    echo "$0: directory $dest exists, but is not writable by you; please run \`chown -R $USER $dest' as root" >&2
+    exit 1
+fi
+
+mkdir -p $dest/store
+
+echo -n "copying Nix to $dest/store..." >&2
+
+for i in $(cd $self/store && echo *); do
+    echo -n "." >&2
+    i_tmp="$dest/store/$i.$$"
+    if [ -e "$i_tmp" ]; then
+        rm -rf "$i_tmp"
+    fi
+    if ! [ -e "$dest/store/$i" ]; then
+        cp -Rp "$self/store/$i" "$i_tmp"
+        mv "$i_tmp" "$dest/store/$i"
+    fi
+done
+echo "" >&2
+
+echo "initialising Nix database..." >&2
+if ! $nix/bin/nix-store --init; then
+    echo "$0: failed to initialize the Nix database" >&2
+    exit 1
+fi
+
+if ! $nix/bin/nix-store --load-db < $self/.reginfo; then
+    echo "$0: unable to register valid paths" >&2
+    exit 1
+fi
+
+. $nix/etc/profile.d/nix.sh
+
+if ! $nix/bin/nix-env -i $nix; then
+    echo "$0: unable to install Nix into your default profile" >&2
+    exit 1
+fi
+
+# Subscribe the user to the Nixpkgs channel and fetch it.
+if ! $nix/bin/nix-channel --list | grep -q "^nixpkgs "; then
+    $nix/bin/nix-channel --add http://nixos.org/channels/nixpkgs-unstable
+fi
+$nix/bin/nix-channel --update nixpkgs
+
+# Make the shell source nix.sh during login.
 p=$NIX_LINK/etc/profile.d/nix.sh
 
-if [ -w /etc/profile.d ]; then
-    ln -s $p /etc/profile.d/
-elif [ -w /usr/local/etc/profile.d ]; then
-    ln -s $p /usr/local/etc/profile.d/
-else
-    cat <<EOF
-Installation finished.  To ensure that the necessary environment
+added=
+for i in .bash_profile .bash_login .profile; do
+    fn="$HOME/$i"
+    if [ -e "$fn" ]; then
+        if ! grep -q "$p" "$fn"; then
+            echo "modifying $fn..." >&2
+            echo "if [ -e $p ]; then . $p; fi # added by Nix installer" >> $fn
+        fi
+        added=1
+        break
+    fi
+done
+
+if [ -z "$added" ]; then
+    cat >&2 <<EOF
+
+Installation finished!  To ensure that the necessary environment
 variables are set, please add the line
 
-  source $p
+  . $p
 
 to your shell profile (e.g. ~/.profile).
 EOF
-fi
+else
+    cat >&2 <<EOF
+
+Installation finished!  To ensure that the necessary environment
+variables are set, either log in again, or type
+
+  . $p
+
+in your shell.
+EOF
+fi

scripts/local.mk

@@ -0,0 +1,37 @@
+nix_bin_scripts := \
+  $(d)/nix-build \
+  $(d)/nix-channel \
+  $(d)/nix-collect-garbage \
+  $(d)/nix-copy-closure \
+  $(d)/nix-generate-patches \
+  $(d)/nix-install-package \
+  $(d)/nix-prefetch-url \
+  $(d)/nix-pull \
+  $(d)/nix-push
+
+bin-scripts += $(nix_bin_scripts)
+
+nix_substituters := \
+  $(d)/copy-from-other-stores.pl \
+  $(d)/download-from-binary-cache.pl \
+  $(d)/download-using-manifests.pl
+
+nix_noinst_scripts := \
+  $(d)/build-remote.pl \
+  $(d)/find-runtime-roots.pl \
+  $(d)/nix-http-export.cgi \
+  $(d)/nix-profile.sh \
+  $(d)/nix-reduce-build \
+  $(nix_substituters)
+
+noinst-scripts += $(nix_noinst_scripts)
+
+profiledir = $(sysconfdir)/profile.d
+
+$(eval $(call install-file-as, $(d)/nix-profile.sh, $(profiledir)/nix.sh, 0644))
+$(eval $(call install-program-in, $(d)/find-runtime-roots.pl, $(libexecdir)/nix))
+$(eval $(call install-program-in, $(d)/build-remote.pl, $(libexecdir)/nix))
+$(foreach prog, $(nix_substituters), $(eval $(call install-program-in, $(prog), $(libexecdir)/nix/substituters)))
+$(eval $(call install-symlink, nix-build, $(bindir)/nix-shell))
+
+clean-files += $(nix_bin_scripts) $(nix_noinst_scripts)

scripts/nix-build.in

@@ -3,23 +3,29 @@
 use strict;
 use Nix::Config;
 use Nix::Store;
+use Nix::Utils;
 use File::Temp qw(tempdir);
 
 
 my $dryRun = 0;
 my $verbose = 0;
-my $runEnv = 0;
+my $runEnv = $0 =~ /nix-shell$/;
+my $pure = 0;
+my $fromArgs = 0;
+my $packages = 0;
 
 my @instArgs = ();
 my @buildArgs = ();
 my @exprs = ();
 
 my $shell = $ENV{SHELL} || "/bin/sh";
-my $envCommand = "p=\$PATH; source \$stdenv/setup; PATH=\$PATH:\$p; exec $shell";
+my $envCommand = ""; # interactive shell
 my @envExclude = ();
 
+my $myName = $runEnv ? "nix-shell" : "nix-build";
 
-my $tmpDir = tempdir("nix-build.XXXXXX", CLEANUP => 1, TMPDIR => 1)
+
+my $tmpDir = tempdir("$myName.XXXXXX", CLEANUP => 1, TMPDIR => 1)
     or die "cannot create a temporary directory";
 
 my $outLink = "./result";
@@ -33,11 +39,11 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
     my $arg = $ARGV[$n];
 
     if ($arg eq "--help") {
-        exec "man nix-build" or die;
+        exec "man $myName" or die;
     }
 
     elsif ($arg eq "--version") {
-        print "nix-build (Nix) $Nix::Config::version\n";
+        print "$myName (Nix) $Nix::Config::version\n";
         exit 0;
     }
 
@@ -45,7 +51,7 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         $drvLink = "./derivation";
     }
 
-    elsif ($arg eq "--no-out-link" or $arg eq "--no-link") {
+    elsif ($arg eq "--no-out-link" || $arg eq "--no-link") {
         $outLink = "$tmpDir/result";
     }
 
@@ -55,13 +61,13 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         $drvLink = $ARGV[$n];
     }
 
-    elsif ($arg eq "--out-link" or $arg eq "-o") {
+    elsif ($arg eq "--out-link" || $arg eq "-o") {
         $n++;
         die "$0: `$arg' requires an argument\n" unless $n < scalar @ARGV;
         $outLink = $ARGV[$n];
     }
 
-    elsif ($arg eq "--attr" or $arg eq "-A" or $arg eq "-I") {
+    elsif ($arg eq "--attr" || $arg eq "-A" || $arg eq "-I") {
         $n++;
         die "$0: `$arg' requires an argument\n" unless $n < scalar @ARGV;
         push @instArgs, ($arg, $ARGV[$n]);
@@ -87,7 +93,7 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         $n += 2;
     }
 
-    elsif ($arg eq "--max-jobs" or $arg eq "-j" or $arg eq "--max-silent-time" or $arg eq "--log-type" or $arg eq "--cores") {
+    elsif ($arg eq "--max-jobs" || $arg eq "-j" || $arg eq "--max-silent-time" || $arg eq "--log-type" || $arg eq "--cores" || $arg eq "--timeout") {
         $n++;
         die "$0: `$arg' requires an argument\n" unless $n < scalar @ARGV;
         push @buildArgs, ($arg, $ARGV[$n]);
@@ -106,7 +112,7 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         @exprs = ("-");
     }
 
-    elsif ($arg eq "--verbose" or substr($arg, 0, 2) eq "-v") {
+    elsif ($arg eq "--verbose" || substr($arg, 0, 2) eq "-v") {
         push @buildArgs, $arg;
         push @instArgs, $arg;
         $verbose = 1;
@@ -117,14 +123,18 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         push @instArgs, $arg;
     }
 
-    elsif ($arg eq "--run-env") {
+    elsif ($arg eq "--check") {
+        push @buildArgs, $arg;
+    }
+
+    elsif ($arg eq "--run-env") { # obsolete
         $runEnv = 1;
     }
 
     elsif ($arg eq "--command") {
         $n++;
         die "$0: `$arg' requires an argument\n" unless $n < scalar @ARGV;
-        $envCommand = $ARGV[$n];
+        $envCommand = "$ARGV[$n]\nexit $!";
     }
 
     elsif ($arg eq "--exclude") {
@@ -133,6 +143,18 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         push @envExclude, $ARGV[$n];
     }
 
+    elsif ($arg eq "--pure") { $pure = 1; }
+    elsif ($arg eq "--impure") { $pure = 0; }
+
+    elsif ($arg eq "--expr" || $arg eq "-E") {
+        $fromArgs = 1;
+        push @instArgs, "--expr";
+    }
+
+    elsif ($arg eq "--packages" || $arg eq "-p") {
+        $packages = 1;
+    }
+
     elsif (substr($arg, 0, 1) eq "-") {
         push @buildArgs, $arg;
     }
@@ -142,42 +164,84 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
     }
 }
 
-@exprs = ("./default.nix") if scalar @exprs == 0;
+if ($packages) {
+    push @instArgs, "--expr";
+    @exprs = (
+        'with import <nixpkgs> { }; runCommand "shell" { buildInputs = [ '
+        . (join " ", map { "($_)" } @exprs) . ']; } ""');
+} elsif (!$fromArgs) {
+    @exprs = ("shell.nix") if scalar @exprs == 0 && $runEnv && -e "shell.nix";
+    @exprs = ("default.nix") if scalar @exprs == 0;
+}
+
+$ENV{'IN_NIX_SHELL'} = 1 if $runEnv;
 
 
 foreach my $expr (@exprs) {
 
     # Instantiate.
     my @drvPaths;
-    # !!! would prefer the perl 5.8.0 pipe open feature here.
-    my $pid = open(DRVPATHS, "-|") || exec "$Nix::Config::binDir/nix-instantiate", "--add-root", $drvLink, "--indirect", @instArgs, $expr;
-    while (<DRVPATHS>) {chomp; push @drvPaths, $_;}
-    if (!close DRVPATHS) {
-        die "nix-instantiate killed by signal " . ($? & 127) . "\n" if ($? & 127);
-        exit 1;
+    if ($expr !~ /^\/.*\.drv$/) {
+        # !!! would prefer the perl 5.8.0 pipe open feature here.
+        my $pid = open(DRVPATHS, "-|") || exec "$Nix::Config::binDir/nix-instantiate", "--add-root", $drvLink, "--indirect", @instArgs, $expr;
+        while (<DRVPATHS>) {chomp; push @drvPaths, $_;}
+        if (!close DRVPATHS) {
+            die "nix-instantiate killed by signal " . ($? & 127) . "\n" if ($? & 127);
+            exit 1;
+        }
+    } else {
+        push @drvPaths, $expr;
     }
 
     if ($runEnv) {
-        die "$0: ‘--run-env’ requires a single derivation\n" if scalar @drvPaths != 1;
-        my $drvPath = readlink $drvPaths[0] or die "cannot read symlink `$drvPaths[0]'";
+        die "$0: a single derivation is required\n" if scalar @drvPaths != 1;
+        my $drvPath = $drvPaths[0];
+        $drvPath = (split '!',$drvPath)[0];
+        $drvPath = readlink $drvPath or die "cannot read symlink `$drvPath'" if -l $drvPath;
         my $drv = derivationFromPath($drvPath);
 
         # Build or fetch all dependencies of the derivation.
         my @inputDrvs = grep { my $x = $_; (grep { $x =~ $_ } @envExclude) == 0 } @{$drv->{inputDrvs}};
-        system("$Nix::Config::binDir/nix-store -r @buildArgs @inputDrvs @{$drv->{inputSrcs}} > /dev/null") == 0
+        system("$Nix::Config::binDir/nix-store", "-r", "--no-output", "--no-gc-warning", @buildArgs, @inputDrvs, @{$drv->{inputSrcs}}) == 0
             or die "$0: failed to build all dependencies\n";
 
         # Set the environment.
-        $ENV{'NIX_BUILD_TOP'} = $ENV{'TMPDIR'} || "/tmp";
-        foreach (keys %{$drv->{env}}) {
-            $ENV{$_} = $drv->{env}->{$_};
+        if ($pure) {
+            foreach my $name (keys %ENV) {
+                next if grep { $_ eq $name } ("HOME", "USER", "LOGNAME", "DISPLAY", "PATH", "TERM", "IN_NIX_SHELL", "TZ", "PAGER");
+                delete $ENV{$name};
+            }
+            # NixOS hack: prevent /etc/bashrc from sourcing /etc/profile.
+            $ENV{'__ETC_PROFILE_SOURCED'} = 1;
         }
+        $ENV{'NIX_BUILD_TOP'} = $ENV{'TMPDIR'} = $ENV{'TEMPDIR'} = $ENV{'TMP'} = $ENV{'TEMP'} = $ENV{'TMPDIR'} // "/tmp";
+        $ENV{'NIX_STORE'} = $Nix::Config::storeDir;
+        $ENV{$_} = $drv->{env}->{$_} foreach keys %{$drv->{env}};
 
         # Run a shell using the derivation's environment.  For
         # convenience, source $stdenv/setup to setup additional
-        # environment variables.  Also don't lose the current $PATH
-        # directories.
-        exec($ENV{SHELL}, "-c", $envCommand);
+        # environment variables and shell functions.  Also don't lose
+        # the current $PATH directories.
+        my $rcfile = "$tmpDir/rc";
+        writeFile(
+            $rcfile,
+            "rm -rf '$tmpDir'; " .
+            'unset BASH_ENV; ' .
+            '[ -n "$PS1" ] && [ -e ~/.bashrc ] && source ~/.bashrc; ' .
+            ($pure ? '' : 'p=$PATH; ' ) .
+            'dontAddDisableDepTrack=1; ' .
+            '[ -e $stdenv/setup ] && source $stdenv/setup; ' .
+            'if [ "$(type -t runHook)" = function ]; then runHook shellHook; fi; ' .
+            ($pure ? '' : 'PATH=$PATH:$p; unset p; ') .
+            'set +e; ' .
+            '[ -n "$PS1" ] && PS1="\n\[\033[1;32m\][nix-shell:\w]$\[\033[0m\] "; ' .
+            'unset NIX_ENFORCE_PURITY; ' .
+            'unset NIX_INDENT_MAKE; ' .
+            'shopt -u nullglob; ' .
+            'unset TZ; ' . (defined $ENV{'TZ'} ? "export TZ='${ENV{'TZ'}}'; " : '') .
+            $envCommand);
+        $ENV{BASH_ENV} = $rcfile;
+        exec($ENV{NIX_BUILD_SHELL} // "bash", "--rcfile", $rcfile);
         die;
     }
 
@@ -206,7 +270,7 @@ foreach my $expr (@exprs) {
 
     # Build.
     my @outPaths;
-    $pid = open(OUTPATHS, "-|") || exec "$Nix::Config::binDir/nix-store", "--add-root", $outLink, "--indirect", "-r",
+    my $pid = open(OUTPATHS, "-|") || exec "$Nix::Config::binDir/nix-store", "--add-root", $outLink, "--indirect", "-r",
         @buildArgs, @drvPaths2;
     while (<OUTPATHS>) {chomp; push @outPaths, $_;}
     if (!close OUTPATHS) {

scripts/nix-channel.in

@@ -22,7 +22,7 @@ my $channelsList = "$home/.nix-channels";
 my $nixDefExpr = "$home/.nix-defexpr";
 
 # Figure out the name of the channels profile.
-my $userName = getpwuid($<) or die "cannot figure out user name";
+my $userName = getpwuid($<) || $ENV{"USER"} or die "cannot figure out user name";
 my $profile = "$Nix::Config::stateDir/profiles/per-user/$userName/channels";
 mkpath(dirname $profile, 0, 0755);
 

scripts/nix-collect-garbage.in

@@ -8,12 +8,19 @@ my $profilesDir = "@localstatedir@/nix/profiles";
 
 # Process the command line arguments.
 my @args = ();
+my $arg;
+
 my $removeOld = 0;
+my $gen;
 my $dryRun = 0;
 
-for my $arg (@ARGV) {
+while ($arg = shift) {
     if ($arg eq "--delete-old" || $arg eq "-d") {
         $removeOld = 1;
+        $gen = "old";
+    } elsif ($arg eq "--delete-older-than") {
+        $removeOld = 1;
+        $gen = shift;
     } elsif ($arg eq "--dry-run") {
         $dryRun = 1;
     } elsif ($arg eq "--help") {
@@ -40,7 +47,8 @@ sub removeOldGenerations {
         $name = $dir . "/" . $name;
         if (-l $name && (readlink($name) =~ /link/)) {
             print STDERR "removing old generations of profile $name\n";
-            system("$Nix::Config::binDir/nix-env", "-p", $name, "--delete-generations", "old", $dryRun ? "--dry-run" : ());
+
+            system("$Nix::Config::binDir/nix-env", "-p", $name, "--delete-generations", $gen, $dryRun ? "--dry-run" : ());
         }
         elsif (! -l $name && -d $name) {
             removeOldGenerations $name;